
vul_app:node.js_deserialization_rce_vul(Rule ID:1070210231)

Release Date: 2025/9/15

Rule Name: CVE-2017-5941: Node.js Deserialization RCE Vulnerability

Severity: critical

CVE ID: CVE-2017-5941

 

Description

Joyent Node.js is a network application platform built on the Google V8 JavaScript engine by Joyent Corporation of the United States. The platform is primarily used for building highly scalable applications and writing connection code that can handle tens of thousands of simultaneous connections to a single physical machine. The unserialize() function of the node-serialize module in Joyent Node.js contains a code vulnerability caused by the function's failure to effectively detect externally called code. A remote attacker could exploit this vulnerability to execute arbitrary code by passing malicious data into this function. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.
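Where untrusted input still reaches code that used unserialize(), an application-side guard can treat that input as data only. The following is an added example, not Hillstone's rule logic or the module's own code: it parses with JSON.parse and rejects any value carrying the marker that node-serialize prepends to serialized functions. The function names, the 4096-byte limit and the sample payload are assumptions made for illustration.

```javascript
// Marker that node-serialize prepends to a serialized function body.
const FUNC_MARKER = '_$$ND_FUNC$$_';

// Walk a parsed JSON value and return the path of the first key or string
// that carries the marker, or null. Checking decoded values means JSON
// escape sequences in the raw text cannot hide the marker.
function findFunctionMarker(value, path = '$') {
  if (typeof value === 'string') {
    return value.includes(FUNC_MARKER) ? path : null;
  }
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      const hit = findFunctionMarker(value[i], `${path}[${i}]`);
      if (hit) return hit;
    }
    return null;
  }
  if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      if (key.includes(FUNC_MARKER)) return `${path}.${key}`;
      const hit = findFunctionMarker(child, `${path}.${key}`);
      if (hit) return hit;
    }
  }
  return null;
}

// Parse untrusted text as plain data; never hand it to unserialize().
// maxBytes is a hypothetical limit, tune it to the field being parsed.
function parseUntrusted(text, maxBytes = 4096) {
  if (typeof text !== 'string' || Buffer.byteLength(text, 'utf8') > maxBytes) {
    return { ok: false, reason: 'size' };
  }
  let data;
  try { data = JSON.parse(text); } catch { return { ok: false, reason: 'not-json' }; }
  const hit = findFunctionMarker(data);
  if (hit) return { ok: false, reason: 'function-marker', path: hit };
  return { ok: true, data };
}

// Constructed sample: a profile object whose "cb" field holds a serialized function.
const SAMPLE_FLAGGED = JSON.stringify({
  profile: { cb: FUNC_MARKER + 'function () { return 1; }' },
});
console.log(parseUntrusted(SAMPLE_FLAGGED));
```

A rejection with reason `function-marker` is worth logging with the reported path and the request source, since ordinary clients have no reason to send serialized functions.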