OpenSSL's Heartbeat extension was found to have this vulnerability, which, when exploited, can allow cybercriminals to steal critical information from a server. With OpenSSL being utilized by many websites and applications, the potential victim count of this vulnerability may be very large. Exploitation of this vulnerability may also leave no trace, which would make victim counts and damage estimates difficult to create.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security customers should upgrade to DSRU-14-009 and assign the following rules:
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.