SECURITY BULLETIN: Important Information about RCE in Apache Struts (CVE-2018-11776) and Trend Micro Products

- Updated:
- 31 Aug 2018
- Product/Version:
- Deep Discovery Analyzer
- Deep Discovery Director
- Deep Discovery Email Inspector
- Deep Discovery Inspector
- Deep Security
- Deep Security As A Service
- Interscan Web Security Virtual Appliance
- OfficeScan
- ScanMail for Exchange
- ServerProtect For Linux
- ServerProtect For Storage
- Smart Protection Server
- Platform:
- Amazon AMI 32-bit
- Amazon AMI 64-bit
- Android 2.0, 2.1 Eclair
- Android 2.1+
- Android 2.2 Froyo
- Android 2.3 Gingerbread
- Android 3.x Honeycomb
- Android 4.0 Ice Cream Sandwich
- Android 4.1 Jellybean
- Android 4.2 Jellybean
- Android 4.3 Jellybean
- Android 4.4 KitKat
- Android 5.0 Lollipop
- Android 5.1 Lollipop
- Android 6.0 Marshmallow
- Android 7.0 Nougat
- Android 8.0
- Android 8.0 Oreo
- Android 9.0 Pie
- Android All
- Android すべて
- Appliance All
- Appliance DELL R210II
- Appliance DELL R410
- Appliance DELL R710
- Appliance DELL R720
- Appliance すべて
- AS400 すべて
- Bare Metal N/A
- Blackberry 5.x
- Blackberry すべて
- CentOS 5.4 32-bit
- CentOS 5.4 64-bit
- CentOS 5.5 32-bit
- CentOS 5.5 64-bit
- CentOS 5.6 32-bit
- CentOS 5.6 64-bit
- CentOS 5.7 32-bit
- CentOS 5.7 64-bit
- CentOS 5.8 32-bit
- CentOS 5.8 64-bit
- CentOS 6 32-bit
- CentOS 6 64-bit
- CentOS 6.1 32-bit
- CentOS 6.1 64-bit
- CentOS 6.2 32-bit
- CentOS 6.2 64-bit
- CentOS 7.0 64-bit
- CentOS 7.2 64-bit
- CentOS 7.3 64-bit
- Citrix XenServer 5.5
- Citrix XenServer 6.0
- EMC すべて
- HPUX 11.x
- IBM AIX
- IBM IBM - OS/390
- IBM IBM - OS/400/i5OS
- IBM IBM zLinux
- IBM AIX 5.2
- IBM AIX 5.3
- IBM AIX 6.1
- IBM AIX 7.1
- IBM AIX 7.2
- IBM OS/400/i5OS V5R4
- IBM OS/400/i5OS V6R1
- IBM OS/400/i5OS V7R1
- IBM zLinux RHEL 5 64-bit
- IBM zLinux SLES 10
- IBM zLinux SLES 11
- iOS 10.0
- iOS 10.x
- iOS 11.0
- iOS 11.1
- iOS 11.2
- iOS 11.3
- iOS 11.x
- iOS 3.0+
- iOS 4.0+
- iOS 5.0+
- iOS 6.0+
- iOS 7.0+
- iOS 7.1+
- iOS 8.0+
- iOS 8.1
- iOS 8.2
- iOS 8.3
- iOS 8.4
- iOS 9.0
- iOS 9.0+
- iOS 9.1
- iOS 9.2
- iOS 9.3
- iOS 9.x
- iOS All
- iOS すべて
- Linux All
- Linux すべて
- Linux - Red Hat RHEL 3 32-bit
- Linux - Red Hat RHEL 3 64-bit
- Linux - Red Hat RHEL 4 32-bit
- Linux - Red Hat RHEL 4 64-bit
- Linux - Red Hat RHEL 5 32-bit
- Linux - Red Hat RHEL 5 64-bit
- Linux - Red Hat RHEL 5.1 32-bit
- Linux - Red Hat RHEL 5.1 64-bit
- Linux - Red Hat RHEL 5.2 32-bit
- Linux - Red Hat RHEL 5.2 64-bit
- Linux - Red Hat RHEL 5.6 32-bit
- Linux - Red Hat RHEL 5.6 64-bit
- Linux - Red Hat RHEL 5.7 32-bit
- Linux - Red Hat RHEL 5.7 64-bit
- Linux - Red Hat RHEL 5.8 32-bit
- Linux - Red Hat RHEL 5.8 64-bit
- Linux - Red Hat RHEL 6 32-bit
- Linux - Red Hat RHEL 6 64-bit
- Linux - Red Hat RHEL 6.1 32-bit
- Linux - Red Hat RHEL 6.1 64-bit
- Linux - Red Hat RHEL 6.2 32-bit
- Linux - Red Hat RHEL 6.2 64-bit
- Linux - Red Hat RHEL 7 64-bit
- Linux - Red Hat RHEL 8 32-bit
- Linux - Red Hat RHEL 8 64-bit
- Linux - Red Hat RHEL 9 32-bit
- Linux - Red Hat RHEL 9 64-bit
- Linux - SuSE 10
- Linux - SuSE 10 64-bit
- Linux - SuSE 11
- Linux - SuSE 11 64-bit
- Linux - SuSE 9.0
- Linux - Turbolinux Server 10
- Linux - Turbolinux Server 8
- Lync Server 2010
- Lync Server 2013
- Macintosh El Capitan
- Macintosh iOS 3.x
- Macintosh iOS 4.x
- Macintosh iOS 5.x
- Macintosh Leopard
- Macintosh Lion
- Macintosh Mavericks
- Macintosh Mountain Lion
- Macintosh Snow Leopard
- Macintosh Tiger
- Macintosh Yosemite
- macOS High Sierra
- macOS Mojave
- macOS Sierra
- macOS すべて
- N/A N/A
- NetApp すべて
- Netware version 5.1
- Netware version 6.0
- Netware version 6.5
- Oracle Linux 5 32-bit
- Oracle Linux 5 64-bit
- Oracle Linux 6 32-bit
- Oracle Linux 6 64-bit
- Oracle Solaris 11 SPARC
- Oracle Solaris 11 x86
- SaaS すべて
- Solaris すべて
- Sony PS3
- Sony PS4
- Sony PSP
- Symbian ^3
- Symbian S60
- Symbian S60 3rd Edition
- Symbian S60 5th Edition
- Ubuntu 10.04 32-bit
- Ubuntu 10.04 64-bit
- Ubuntu 10.1 32-bit
- Ubuntu 10.1 64-bit
- Ubuntu 11.04 32-bit
- Ubuntu 11.04 64-bit
- Ubuntu 12.04 32-bit
- Ubuntu 12.04 64-bit
- Ubuntu 9.1 32-bit
- Ubuntu 9.1 64-bit
- UNIX すべて
- Unix - Solaris (Sun) version 10 (SunOS 5.10)
- Unix - Solaris (Sun) version 8 (SunOS 5.8)
- Unix - Solaris (Sun) version 9 (SunOS 5.9)
- Virtual Appliance 4.1
- Virtual Appliance 5.1
- Virtual Appliance すべて
- VMware ESX - 5.0
- VMware ESX 3.0
- VMware ESX 3.5
- VMware ESX 4.0
- VMware ESX 4.1
- VMware ESX 5.0
- VMware ESXi 3.5
- VMware ESXi 4.0
- VMware ESXi 4.1
- VMware ESXi 5.0
- VMware ESXi 5.1
- VMware ESXi 5.5
- VMware ESXi 6.0
- VMware ESXi Hypervisor 5.5
- VMware Server 2.0
- VMware vCenter 5.0
- VMware vCenter 5.5
- VMware vSphere 4.x
- VMware vSphere 5.0
- VMware vSphere 5.1
- VMware vSphere 5.5
- VMware vSphere 6.0
- Windows 10
- Windows 10 32-bit
- Windows 10 64-bit
- Windows 2000 Advanced Server
- Windows 2000 Datacenter Server
- Windows 2000 Professional
- Windows 2000 Server
- Windows 2000 Small Business Server
- Windows 2003
- Windows 2003 32-Bit
- Windows 2003 64-Bit
- Windows 2003 Compute Cluster Server
- Windows 2003 Datacenter
- Windows 2003 Datacenter 64-bit
- Windows 2003 Enterprise
- Windows 2003 Enterprise 64-bit
- Windows 2003 Home Server
- Windows 2003 Server R2
- Windows 2003 Small Business Server
- Windows 2003 Small Business Server R2
- Windows 2003 Standard
- Windows 2003 Standard 64-bit
- Windows 2003 Web Server 64-bit
- Windows 2003 Web Server Edition
- Windows 2008
- Windows 2008 32-Bit
- Windows 2008 64-Bit
- Windows 2008 Datacenter
- Windows 2008 Datacenter 64-bit
- Windows 2008 Datacenter R2
- Windows 2008 Enterprise
- Windows 2008 Enterprise 64-bit
- Windows 2008 Enterprise R2
- Windows 2008 Essential Business Server
- Windows 2008 R2
- Windows 2008 Server
- Windows 2008 Server Core
- Windows 2008 Server Foundation
- Windows 2008 Server R2
- Windows 2008 Server R2 Datacenter
- Windows 2008 Server R2 Enterprise
- Windows 2008 Server R2 with Hyper-V(TM)
- Windows 2008 Small Business Server
- Windows 2008 Standard
- Windows 2008 Standard 64-bit
- Windows 2008 Standard R2
- Windows 2008 Storage Server
- Windows 2008 Web Server Edition
- Windows 2008 Web Server Edition 64-bit
- Windows 2011 Small Business Server Essentials
- Windows 2011 Small Business Server Premium Add-on
- Windows 2011 Small Business Server Standard
- Windows 2012
- Windows 2012 Datacenter
- Windows 2012 Datacenter R2
- Windows 2012 Enterprise
- Windows 2012 Enterprise R2
- Windows 2012 Server
- Windows 2012 Server Essential R2
- Windows 2012 Server Essentials
- Windows 2012 Server Foundation R2
- Windows 2012 Server R2
- Windows 2012 Standard
- Windows 2012 Standard R2
- Windows 2012 Web Server Edition
- Windows 2016
- Windows 2016 Datacenter
- Windows 2016 Server
- Windows 2016 Server Core
- Windows 2016 Server Datacenter
- Windows 2016 Server Standard
- Windows 2016 Standard
- Windows 7 32-Bit
- Windows 7 64-Bit
- Windows 7 Home Premium 32-bit
- Windows 7 Home Premium 64-bit
- Windows 7 SP1 32-bit
- Windows 7 SP1 64bit
- Windows 7 SP1 64-bit
- Windows 7 Starter 32-bit
- Windows 7 Starter 64-bit
- Windows 7 Ultimate 32-bit
- Windows 7 Ultimate 64-bit
- Windows 8 32-Bit
- Windows 8 64-Bit
- Windows 8 RT
- Windows 8.1 32-Bit
- Windows 8.1 64-Bit
- Windows 9
- Windows All
- Windows Embedded POSReady 7 (32-bit/64-bit)
- Windows Mobile 5 Pocket PC
- Windows Mobile 5 Pocket PC Phone Edition
- Windows Mobile 5 Smartphone
- Windows Mobile 6 Classic
- Windows Mobile 6 Professional
- Windows Mobile 6 Standard
- Windows Mobile 6.1 Professional
- Windows Mobile 6.1 Standard
- Windows Mobile 6.5 Professional
- Windows Mobile 6.5 Standard
- Windows Server 2012
- Windows Server 2012 32-Bit
- Windows Server 2012 64-Bit
- Windows Storage Server 2003
- Windows Vista 32-bit
- Windows Vista 64-bit
- Windows Vista SP1 32-bit / 64-bit
- Windows Vista SP2 32-bit
- Windows Vista SP2 32-bit / 64-bit
- Windows Vista SP2 64-bit
- Windows XP Home
- Windows XP Professional
- Windows XP Professional 64-bit
- Windows XP SP2 32-bit
- Windows XP SP3 32-bit
- Windows XP Tablet PC
- Windows すべて
- Windows Mobile すべて
- Windows Phone 8.0
- Windows Phone 8.1

Summary

Updated: August 30, 2018

On August 22, 2018, The Apache Software Foundation issued a critical security bulletin (S2-057) after security researchers discovered a remote code execution (RCE) vulnerability in the popular open-source Java-based web application development framework.

The vulnerability has been assigned the following CVE identifier: CVE-2018-11776.

Information on Trend Micro protection/detections for this vulnerability, as well as any product information regarding potential Trend Micro products that may be affected can be found below.

For more detailed background on the vulnerability itself, please visit the following Trend Micro Blog: Critical Remote Code Execution Vulnerability (CVE-2018-11776) Found in Apache Struts.

Details

Trend Micro Proactive Protection and Solutions

As with any vulnerability, Trend Micro highly recommends that users apply all critical patches and fixes that vendors provide for security issues as soon as possible. These patches will provide the strongest level of defense against any potential attacks.

Fortunately, Trend Micro has analyzed the information to see if proactive protection rules and filters may be created to help protect against potential attacks, and has deployed the following:

Product	Protection Type	Identifier
Deep Security	Intrusion Prevention Rule¹	1009265 - Apache Struts OGNL Expression Remote Command Execution Vulnerability (CVE-2018-11776) 1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
TippingPoint	DV Toolkit CSW Filter¹	Filter C1000001: HTTP: OGNL Entity Usage in an HTTP URI
Deep Discovery Inspector	DDI Rule and Patterns	2726 - CVE-2018-11776 - APACHE STRUTS RCE EXPLOIT - HTTP(Request) NCCP Pattern: 1.13387.00 NCIP Pattern: 1.134221.00
Cloud Edge	Trend Micro DPI Turnkey Solution	1055434 - WEB Apache Struts 2 OGNL Script Injection -3 1055457 - WEB Apache Struts 2 OGNL Script Injection -5
Anti-Malware Products	VSAPI Pattern	TBD if needed for specific threats
Anti-Spware Products	Spyware (SSAPI) Pattern	TBD if needed for specific threats

¹ Due to the nature of the Deep Security rules and TippingPoint filters, certain environments may experience false positives. Customers are advised to review triggers in their networks and put the rules/filters in prevent mode if necessary.

Some rules in Deep Security may not be enabled by default and should be enabled manually after the rule has been tested in your environment.

In addition, by default, all filters in the DV Toolkit (DVT) are not enabled and have no recommendation action set. More information on deploying DVT packages can be found here or by contacting Trend Micro TippingPoint Technical Assistance Center (TAC) with additional questions.

Trend Micro Affected Products

Due to the popularity and prevalence of Apache Struts, Trend Micro analyzed its own product set to see if any products may be using affected versions and would be affected by this vulnerability.

Trend Micro has confirmed that no Trend Micro products are affected by this vulnerability.

Affected Products