
vul_app:red_hat_jbossmq-jms_deserialization_vul(Rule ID:1070210193)

Release Date: 2025/9/15

Rule Name: CVE-2017-7504: Red Hat JBOSSMQ-JMS Deserialization Vulnerability

Severity: critical

CVE ID: CVE-2017-7504

 

Description

Red Hat JBoss Application Server (AS, also known as WildFly) is Red Hat's open source application server based on Java EE. Its features include very fast startup, a lightweight and modular design, hot deployment and parallel deployment, concise management, domain management and first-class components. The HTTPServerILServlet.java file of the JMS over HTTP Invocation Layer in the JbossMQ implementation in Red Hat JBoss AS 4.X and earlier versions contains a security vulnerability. Remote attackers can exploit it to execute arbitrary code by sending specially crafted serialized data. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.