'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:apache_solr_environment_variable_information_leaks_vulnerability(Rule ID:1070210420)

Release Date2025/9/15

Rule NameCVE-2023-50290: Apache Solr Environment Variable Information Leaks Vulnerability

Severity:high

CVE IDCVE-2023-50290

 

Descripiton

Apache Solr is an open source search engine. In affected versions of Apache Solr, the Solr Metrics API defaults to output all environment variables that are not individually configured with a protection policy. With no authentication or metrics-read permissions by default, an attacker can obtain all system environment variables on the host running the solr instance, including configuration of sensitive information, keys, and so on, by sending malicious requests to the /solr/admin/metrics endpoint. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.