'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:splunk_enterprise_arbitrart_file_read_vul(Rule ID:1070210320)

Release Date2025/9/15

Rule NameCVE-2024-36991: Splunk Enterprise Arbitrary File Read Vulnerability

Severity:critical

CVE IDCVE-2024-36991

 

Descripiton

Splunk is a data collection and analysis software developed by Splunk, an American company. The software is primarily used to collect, index, and analyze a wide variety of data, including data generated from all IT systems and infrastructure, including physical, virtual, and cloud environments. There exists an arbitrary file read vulnerability in versions of Splunk Enterprise prior to 9.2.2, 9.1.5, and 9.0.10 on Windows. This vulnerability arises due to a security issue in Python os.path.join function when handling Windows paths. Unauthenticated attackers can exploit this vulnerability to perform path traversal and read arbitrary system files on Splunk Enterprise (running on Windows and with Splunk Web enabled) via the /modules/messaging/ endpoint. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.