
vul_app: sonarqube_sensitive_infor_disclosure_vul(Rule ID:1070210242)

Release Date: 2025/9/15

Rule Name: CVE-2020-27986: SonarQube Sensitive Information Disclosure Vulnerability

Severity: high

CVE ID: CVE-2020-27986

 

Description

SonarQube is an open source code quality management, analysis and auditing platform that supports more than 20 programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript and Groovy. It detects program errors, coding-standard violations, security vulnerabilities and other issues, and presents the results through the SonarQube web interface. The vulnerability is unauthorized access caused by improper configuration. Attackers can use this vulnerability to access the api/settings/values interface without authorization, obtain SMTP, SVN and GitLab credentials, and from there reach other sensitive code and data, causing serious harm. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Update vendor patches.