Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

vul_app:apache_ofbiz_directory_traversal_vulnerability（Rule ID：1070210316）

Release Date：2025/9/15

Rule Name：CVE-2024-36104: Apache OFBiz Directory Traversal Vulnerability

Severity：critical

CVE ID：CVE-2024-36104

Descripiton：

Apache OFBiz is an enterprise resource planning (ERP) system developed by the Apache Foundation in the United States. The system provides a complete set of Java-based web application components and tools. Apache OFBiz versions prior to 18.12.14 have a path traversal vulnerability, which is due to improper restriction on pathnames, and an attacker can construct malicious requests to exploit the vulnerability, and successful exploit could further lead to remote code execution.
Other reference：None

Solution：

Update vendor patches.