
vul_other:xstream_ssrf_vul(Rule ID:1070310168)

Release Date: 2025/9/15

Rule Name: CVE-2020-26258: XStream Server-Side Request Forgery Vulnerability

Severity: high

CVE ID: CVE-2020-26258

 

Description

XStream is a lightweight, easy-to-use open source Java class library from the XStream team, used mainly to serialize objects to XML (JSON) and to deserialize them back. XStream contains a code-issue vulnerability: a server-side request forgery (SSRF) that can be triggered during unmarshalling. A remote attacker may be able to exploit it to request data from internal resources by manipulating the processed input stream. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.