Lucene search

TrendmicroCVELIST:CVE-2023-0587

HistoryFeb 01, 2023 - 12:00 a.m.

CVE-2023-0587

2023-02-0100:00:00

trendmicro

www.cve.org

trend micro

apex one

file upload vulnerability

http put

remote attacker

arbitrary files

samplesubmission directory

unauthenticated

cve-2023-0587

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Trend Micro Apex One",
    "versions": [
      {
        "version": "Build 11110",
        "status": "affected"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2023-5