'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app: sharepoint_server_elevation_of_privilege(Rule ID:1070210303)

Release Date2025/9/15

Rule NameCVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Severity:critical

CVE IDCVE-2023-29357

 

Descripiton

Microsoft SharePoint is an enterprise business collaboration platform of Microsoft Corporation in the United States. This platform is used to integrate business information, and can share work, collaborate with others, organize projects and workgroups, search for people and information. Microsoft Office SharePoint has a security vulnerability that attackers can exploit to elevate privileges. Unauthenticated remote attackers can exploit this vulnerability by sending a forged JWT authentication token to vulnerable servers, giving them the privileges of an authenticated user on the target. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.