'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:jackson_databind_deserialization_vul(Rule ID:1070310166)

Release Date2025/9/15

Rule NameCVE-2020-36188: Jackson-databind Deserialization Vulnerability

Severity:high

CVE IDCVE-2020-36188

 

Descripiton

FasterXML Jackson-Database is a library based on Java that can convert data formats such as XML and JSON with Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, and also convert JSON, XML into Java objects. Fasterxml Jackson-DataBind 2.x Before 2.9.10.8 There is a code problem vulnerability, which is from com.newrel.agent.deps.ch.QOS.logback.core.db.jndiconnections, incorrectly handles the interaction of Serialization Gadgets and Typing. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.