Updated: August 30, 2018
On August 22, 2018, The Apache Software Foundation issued a critical security bulletin (S2-057) after security researchers discovered a remote code execution (RCE) vulnerability in the popular open-source Java-based web application development framework.
The vulnerability has been assigned the following CVE identifier: CVE-2018-11776.
Information on Trend Micro protection/detections for this vulnerability, as well as any product information regarding potential Trend Micro products that may be affected can be found below.
Trend Micro Proactive Protection and Solutions
As with any vulnerability, Trend Micro highly recommends that users apply all critical patches and fixes that vendors provide for security issues as soon as possible. These patches will provide the strongest level of defense against any potential attacks.
Fortunately, Trend Micro has analyzed the information to see if proactive protection rules and filters may be created to help protect against potential attacks, and has deployed the following:
Product | Protection Type | Identifier |
---|---|---|
Deep Security | Intrusion Prevention Rule1 |
|
TippingPoint | DV Toolkit CSW Filter1 |
|
Deep Discovery Inspector | DDI Rule and Patterns |
|
Cloud Edge | Trend Micro DPI Turnkey Solution |
|
Anti-Malware Products | VSAPI Pattern |
|
Anti-Spware Products | Spyware (SSAPI) Pattern |
|
1 Due to the nature of the Deep Security rules and TippingPoint filters, certain environments may experience false positives. Customers are advised to review triggers in their networks and put the rules/filters in prevent mode if necessary.
Some rules in Deep Security may not be enabled by default and should be enabled manually after the rule has been tested in your environment.
In addition, by default, all filters in the DV Toolkit (DVT) are not enabled and have no recommendation action set. More information on deploying DVT packages can be found here or by contacting Trend Micro TippingPoint Technical Assistance Center (TAC) with additional questions.
Trend Micro Affected Products
Due to the popularity and prevalence of Apache Struts, Trend Micro analyzed its own product set to see if any products may be using affected versions and would be affected by this vulnerability.
Trend Micro has confirmed that no Trend Micro products are affected by this vulnerability.
Affected Products
- None
- All Trend Micro products