'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: apache_solr_xmlparser_xxe_expansion(Rule ID:1070210227)

Release Date2025/9/15

Rule NameCVE-2019-0192: Apache Solr Deserialization Vulnerability

Severity:critical

CVE IDCVE-2019-0192

 

Descripiton

Apache Solr is a search server based on Lucene (a full-text search engine) of the Apache Software Foundation. The product supports level search, vertical search, highlight search results, etc. A security vulnerability exists in Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5. The vulnerability stems from the program not performing deserialization operations safely. An attacker could exploit this vulnerability to execute code. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.