'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:jetbrains_teamcity_auth_bypass_vul(Rule ID:1070210313)

Release Date2025/9/15

Rule NameCVE-2024-27198: JetBrains TeamCity Authentication Bypass Vulnerability

Severity:critical

CVE IDCVE-2024-27198

 

Descripiton

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis, and build problem analysis reports. Versions prior to JetBrains TeamCity 2023.11.4 have an authentication bypass vulnerability that allows a remote attacker to construct a malicious URL to bypass authentication checks, allowing direct access to the endpoint that requires authentication. A remote attacker could exploit this vulnerability to cause an RCE, create an administrator account, and take full control of a vulnerable TeamCity server, and could further exploit it to cause a supply chain attack. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.