'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: atlassian_confluence_ognl_injection_vul(Rule ID:1070210240)

Release Date2025/9/15

Rule NameCVE-2022-26134: Atlassian Confluence OGNL Injection Vulnerability

Severity:critical

CVE IDCVE-2022-26134

 

Descripiton

Atlassian Confluence Server is a server version of Australian Atlassian's corporate knowledge management function and supports the construction of a collaborative software for corporate Wiki. Atlassian Confluence Server and Data Center have input verification error vulnerabilities. The attacker uses this vulnerability to execute any code. The following products and versions are affected: Edition 1.3.0 to 7.4.17 Previous version, version 7.13.0 to 7.13.7, version 7.14.0 to 7.14.3, version 7.15.0 to 7.15.2 Previous version , Version 7.16.0 to 7.16.4, version 7.17.0 to 7.17.4, version 7.18.0 to the previous version of 7.18.1. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.