
web_app:xstream_ssrf (Rule ID: 1070210533)

Release Date: 2025/9/15

Rule Name: CVE-2021-21342: XStream Server-Side Forgery Request Vulnerability

Severity: critical

CVE ID: CVE-2021-21342

 

Description

XStream is a lightweight, easy-to-use open source Java class library maintained by the XStream team. It is mainly used to serialize objects to XML (or JSON) and to deserialize them back into objects. XStream contains a flaw in how it handles the input stream during deserialization: an attacker can manipulate the processed input stream to replace or inject objects, causing the server to issue forged requests (server-side request forgery). This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.