'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

web_app:dotnetnuke_cookie_deserialization_rce_vul(Rule ID:1070210472)

Release Date2025/9/15

Rule NameCVE-2017-9822:DotNetNuke Cookie Deserialization Remote Code Execution Vulnerability

Severity:critical

CVE IDCVE-2017-9822

 

Descripiton

DNN (formerly known as DotNetNuke) is an open-source content management system (CMS) supported by Microsoft and based on the ASP.NET platform, developed by DNN Corporation in the United States. The system is characterized by its easy installation, extensibility, and rich functionality. There was an input validation vulnerability in versions of DotNetNuke prior to 9.1.1. Remote attackers could exploit this vulnerability to execute arbitrary code.This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.