vul_app:jenkins_cl_rce_vul(Rule ID:1070210202)

Release Date: 2025/9/15

Rule Name: CVE-2017-1000353, CVE-2016-9299: Jenkins CL Remote Code Execution Vulnerability

Severity: critical

CVE ID: CVE-2017-1000353, CVE-2016-9299

 

Description

CloudBees Jenkins is an open source, Java-based continuous integration automation server developed by CloudBees (US). It is mainly used to monitor continuous software release and test jobs and to run scheduled tasks. LTS (Long-Term Support) is the long-term support version of CloudBees Jenkins. CloudBees Jenkins 2.56 and earlier, and 2.46.1 LTS and earlier, contain a remote code execution vulnerability. A remote attacker can exploit it to bypass the blacklist-based protection mechanism by sending a serialized Java 'SignedObject' object to the Jenkins CLI. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Update vendor patches.
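
To decide which instances need the vendor patch, the affected ranges from the description can be checked against an inventory of Jenkins version strings. This is an added example, not part of the original rule page or the vendor's signature; the host names and versions are constructed, and it assumes the Jenkins convention that LTS releases have three numeric components and weekly releases two.

```python
import re

# Last affected releases, as stated in the rule description.
LAST_AFFECTED_WEEKLY = (2, 56)    # weekly line: 2.56 and earlier
LAST_AFFECTED_LTS = (2, 46, 1)    # LTS line: 2.46.1 and earlier

# Accept only plain two- or three-component numeric versions.
_VERSION_RE = re.compile(r"^\d+(\.\d+){1,2}$")


def classify(version):
    """Return 'affected', 'outside-range' or 'unknown' for a version string."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        # Snapshots, vendor builds with extra components, empty values:
        # do not guess, flag the host for manual review instead.
        return "unknown"
    parts = tuple(int(p) for p in version.split("."))
    # Assumption: three components means LTS, two means a weekly release.
    limit = LAST_AFFECTED_LTS if len(parts) == 3 else LAST_AFFECTED_WEEKLY
    return "affected" if parts <= limit else "outside-range"


def triage(inventory):
    """Group hosts by classification; inventory maps host -> version string."""
    report = {"affected": [], "outside-range": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2.46.1",
    "ci-02.example.internal": "2.46.2",
    "ci-03.example.internal": "2.56",
    "ci-04.example.internal": "2.57",
    "ci-05.example.internal": "1.651.3",
    "ci-06.example.internal": "2.60.1-SNAPSHOT",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Hosts reported as `unknown` should be checked by hand rather than treated as outside the affected range.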