'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:jira_server_and_data_center_information_disclosure_vulnerability(Rule ID:1070210489)

Release Date2025/9/15

Rule NameCVE-2020-36289:Jira Server and Data Center Information Disclosure Vulnerability

Severity:critical

CVE IDCVE-2020-36289

 

Descripiton

Atlassian Jira is a defect tracking and management system of Atlassian Company in Australia. This system is mainly used for tracking and managing various problems and defects in the work. The vulnerability is due to/QueryComponentRendererValue! The Default.jspa endpoint can be used for user enumeration. If Jira is exposed to the public network, unauthorized users can directly access this endpoint to blast out potential usernames. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.