PT-2023-1480 · Trend Micro · Trend Micro Apex One

Published: 2023-01-30 · Updated: 2023-02-07 · CVE-2023-0587

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One server build 11110

Description: A file upload vulnerability exists in the Trend Micro Apex One server. Using a malformed Content-Length header in an HTTP PUT message sent to the "/officescan/console/html/cgi/fcgiOfcDDA.exe" API endpoint, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.

Recommendations: For Trend Micro Apex One server build 11110, as a temporary workaround, consider restricting access to the /officescan/console/html/cgi/fcgiOfcDDA.exe API endpoint until a patch is available. Avoid using the Content-Length header in HTTP PUT messages to this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
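As an added defender-side example (not part of the advisory), the script below scans IIS W3C log lines for HTTP PUT requests to the fcgiOfcDDA.exe endpoint named above and aggregates request count and request bytes per client address, which is the activity pattern that would precede the file-system exhaustion the advisory describes. The log field order and the sample lines are constructed; a real deployment should take the field order from the log's own #Fields header, which the parser does when one is present.

```python
"""Flag PUT uploads to the Apex One fcgiOfcDDA.exe endpoint in IIS W3C logs."""
from collections import defaultdict

# Endpoint named in the advisory (PT-2023-1480 / CVE-2023-0587).
TARGET_URI = "/officescan/console/html/cgi/fcgiOfcDDA.exe"

# Assumed default field order, used only if the log has no #Fields header.
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "cs(User-Agent)", "sc-status", "cs-bytes"]

# Constructed sample log: one admin GET, two large unauthenticated PUTs from one
# external address, and one small POST from an internal host.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status cs-bytes
2023-02-01 10:00:01 10.0.0.5 GET /officescan/console/html/cgi/cgiChkMasterPwd.exe - 4343 admin 10.0.0.20 Mozilla/5.0 200 512
2023-02-01 10:00:07 10.0.0.5 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe - 4343 - 203.0.113.9 curl/7.88.1 200 52428800
2023-02-01 10:00:09 10.0.0.5 PUT /officescan/console/html/cgi/fcgiOfcDDA.exe - 4343 - 203.0.113.9 curl/7.88.1 200 52428800
2023-02-01 10:00:15 10.0.0.5 POST /officescan/console/html/cgi/fcgiOfcDDA.exe - 4343 - 10.0.0.20 Mozilla/5.0 200 1024
"""

def parse_w3c(text):
    """Yield one dict per log record; honours a #Fields header if present."""
    fields = FIELDS
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def find_endpoint_puts(text, min_count=1):
    """Return {client_ip: (put_count, total_request_bytes)} for PUTs to TARGET_URI.

    cs-username of "-" on these records shows no authenticated user, matching the
    unauthenticated access the advisory describes.
    """
    stats = defaultdict(lambda: [0, 0])
    for rec in parse_w3c(text):
        if rec["cs-method"] == "PUT" and rec["cs-uri-stem"].lower() == TARGET_URI.lower():
            size = rec.get("cs-bytes", "0")
            stats[rec["c-ip"]][0] += 1
            stats[rec["c-ip"]][1] += int(size) if size.isdigit() else 0
    return {ip: tuple(v) for ip, v in stats.items() if v[0] >= min_count}

if __name__ == "__main__":
    for ip, (count, total) in find_endpoint_puts(SAMPLE_LOG).items():
        print(f"{ip}: {count} PUT(s) to fcgiOfcDDA.exe, {total} request bytes")
```

Feeding this the real Apex One IIS logs and alerting on any client that appears in the result, or on a rising byte total, gives an early signal before the SampleSubmission volume fills.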

Exploit

Weakness Enumeration

Improper Authorization

Unrestricted File Upload

Related Identifiers

BDU:2023-00890
CVE-2023-0587

Affected Products

Trend Micro Apex One