'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:jackson_databind_deserialization_vul_before_2.9.10.8(Rule ID:1070310177)

Release Date2025/9/15

Rule NameJackson-databind 2.9.10.8 Deserialization Vulnerability

Severity:critical

CVE IDCVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2017-17485 CVE-2017-7525

 

Descripiton

FasterXML Jackson-Database is a library based on Java that can convert data formats such as XML and JSON with Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, and also convert JSON, XML into Java objects. Fasterxml Jackson-DataBind 2.x Before 2.9.10.8 There is a code problem vulnerability, which is from com.newrel.agent.deps.ch.QOS.logback.core.db.jndiconnections, incorrectly handles the interaction of Serialization Gadgets and Typing. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.