
vul_other:xstream_arbitrary_file_deletion_vul (Rule ID: 1070310164)

Release Date: 2025/9/15

Rule Name: CVE-2020-26259: XStream Arbitrary File Deletion Vulnerability

Severity: mid

CVE ID: CVE-2020-26259

 

Description

XStream is a lightweight, easy-to-use open source Java class library from the XStream (Xstream) team, mainly used to serialize objects to XML (JSON) and to deserialize them back into objects. There is an operating system command injection vulnerability in XStream 1.1.14 and earlier versions. The vulnerability could allow a remote attacker to delete any known file on the host as a log. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Update vendor patches.