'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:spring_cloud_gateway_rce_vul(Rule ID:1070210198)

Release Date2025/9/15

Rule NameCVE-2022-22947: Spring Cloud Gateway Remote Code Execution Vulnerability

Severity:critical

CVE IDCVE-2022-22947

 

Descripiton

Spring Cloud Gateway is based on the API gateway built by Spring Framework and Spring Boot, which is intended to provide a simple, effective, unified API routing management method for the micro service architecture. When enabled and exposed the Gateway Actuator endpoint, the application using Spring Cloud Gateway can be attacked by the code. An attacker can send a special malicious request to remotely perform any code. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.