
vul_other:fastjson_deserialization_vul_by_using_org.codehaus.groovy (Rule ID: 1070310183)

Release Date: 2025/9/15

Rule Name: CVE-2022-25845: Fastjson Deserialization Vulnerability by Using org.codehaus.groovy

Severity: high

CVE ID: CVE-2022-25845

 

Description

Fastjson is a fast JSON parser/generator for Java. Fastjson versions prior to 1.2.83 have a security vulnerability: the default autoType shutdown restriction (autoType is off by default) is easy to bypass, which allows untrusted data to be deserialized. Attackers can exploit this to attack remote servers via Groovy deserialization exploit chains. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.