Vulnerability Details CVE-2023-0587
A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.266
EPSS Ranking 96.1%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2023-0587
-
cpe:2.3:a:trendmicro:apex_one:-