'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_other:jboss_auth_bypass(Rule ID:1070310184)

Release Date2025/9/15

Rule NameCVE-2010-0738: RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

Severity:mid

CVE IDCVE-2010-0738

 

Descripiton

JBoss Enterprise Application Platform (EAP) is a middleware platform of J2EE. An authentication bypass vulnerability has been reported in JBoss Enterprise Application Platform JMX Console application. The vulnerability is caused by the authentication policy within the application that only enforces restrictions for GET and POST methods, other HTTP request verbs bypass authentication. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.