'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:jenkins_path_traversal_vul(Rule ID:1070210230)

Release Date2025/9/15

Rule NameCVE-2019-10352: Jenkins Path Traversal Vulnerability

Severity:mid

CVE IDCVE-2019-10352

 

Descripiton

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by CloudBees in the United States. This product is mainly used to monitor continuous software version release/test projects and some scheduled tasks. LTS is a long-term support release of CloudBeesJenkins. A path traversal vulnerability exists in the core/src/main/java/hudson/model/FileParameterValue.java file in CloudBees Jenkins 2.185 and earlier and LTS 2.176.1 and earlier. The vulnerability stems from a network system or product failing to properly filter special elements in resource or file paths. An attacker could exploit this vulnerability to access locations outside the restricted directory. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.