'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:Apache httpd FilesMatch Directive Security Restriction Bypass(Rule ID:1070310031)

Release Date2025/9/15

Rule NameCVE-2017-15715: Apache httpd FilesMatch Directive Security Restriction Bypass Vulnerability

Severity:high

CVE IDCVE-2017-15715

 

Descripiton

A security policy bypass vulnerability has been reported in Apache httpd. The vulnerability is due to '<FilesMatch>' directive incorrectly matching with the request URI sent by the user. A remote attacker can exploit this vulnerability by sending a HTTP PUT request with crafted URI to the remote HTTP server. Successful exploitation could result in security policy bypass and arbitrary file upload if the HTTP server is configured to allow file uploading like HTTP PUT method. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.