'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:apache_tomcat_session_deserialization_vul(Rule ID:1070310142)

Release Date2025/9/15

Rule NameApache Tomcat Session Deserialization Vulnerability (CVE-2020-9484)

Severity:high

CVE ID

 

Descripiton

Apache Tomcat is a lightweight web application server of the Apache Software Foundation in the United States. The program implements support for Servlet and JavaServer Page (JSP). There is a security vulnerability in Apache Tomcat. Attackers can use the vulnerability to execute code by controlling the content and name of files on the server. The following products and versions are affected: Apache Tomcat 10.0.0-M1 version to 10.0.0-M4 version, 9.0.0.0.M1 version to 9.0.34 version, 8.5.0 version to 8.5.54 version, 7.0.0 version to Version 7.0.103. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.