Trend Micro ServerProtect Extracted File Count Exceed Scan Bypass Weakness

Trend Micro ServerProtect Extracted File Count Exceed Scan Bypass Weakness

Trend Micro ServerProtect is prone to a scan-bypass weakness.

The issue presents itself because the default value for the 'extracted file count exceeds' setting is specified to 500, allowing an attacker to create a zipped folder containing more than 500 files and malicious code file that will bypass scanning.

Trend Micro ServerProtect 5.58 is reportedly vulnerable to this issue. Other versions may be vulnerable as well.