
vul_app:apache_struts2_arbitrary_file_upload_vul(Rule ID:1070210369)

Release Date: 2025/9/15

Rule Name: CVE-2023-50164: Apache Struts2 Arbitrary File Upload Vulnerability

Severity: critical

CVE ID: CVE-2023-50164

 

Description

Apache Struts2 is an open source Java web application development framework designed to help developers build flexible, maintainable, and extensible enterprise web applications. Apache Struts2 has an arbitrary file upload vulnerability: attackers can pollute the related upload parameters to cause directory traversal, which in specific code environments may lead to uploading a web shell and executing arbitrary code. This rule supports defense against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor patches.