'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:oracle_weblogic_deserialization_rce_vul(Rule ID:1070210232)

Release Date2025/9/15

Rule NameCVE-2018-3252: Oracle WebLogic Deserialization RCE Vulnerability

Severity:critical

CVE IDCVE-2018-3252

 

Descripiton

Oracle Fusion Middleware (Oracle Fusion Middleware) is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides functions such as middleware and software collection. WebLogic Server is one of the application server components for cloud and traditional environments. A security vulnerability exists in the WLS Core Components subcomponent of the WebLogic Server component version 10.3.6.0, version 12.1.3.0, and version 12.2.1.3 in Oracle Fusion Middleware. Attackers can exploit this vulnerability to control components, affecting the confidentiality, integrity and availability of data. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.