
vul_other:apache_log4j_rce_vul_::-_Bypass(Rule ID:1070310167)

Release Date: 2025/9/15

Rule Name: CVE-2013-7285,CVE-2019-10173: XStream Deserialization Command Injection Vulnerability

Severity: critical

CVE ID: CVE-2013-7285, CVE-2019-10173

 

Description

XStream is a lightweight, easy-to-use open source Java class library from the XStream team, used mainly to serialize objects to XML (or JSON) and to deserialize them back into objects. XStream has a command injection vulnerability. It arises when an executable command is constructed from externally supplied input and the network system or product does not properly filter special elements in that input. An attacker can exploit this vulnerability to execute illegal commands. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Update vendor patches.