Vulnerability scanners report that the Symantec Endpoint Protection Manager (SEPM) is vulnerable to denial of service exploits CVE-2007-6750, and CVE-2009-5111.
This problem is fixed in Symantec Endpoint Protection 12.1 Release Update 4 (SEP 12.1.4). To obtain the latest version of SEP, see Download the latest version of Symantec Endpoint Protection.
If you cannot upgrade, work around the problem by implementing mod_reqtimeout.so in the SEPM Apache server. This workaround only applies to 12.1.2 or newer managers. There is no workaround available for pre-12.1.2 managers.
Warning: If you implement the workaround, you must re-apply the workaround after migrating to 18.104.22.168 or 12.1.3. You will not need to reapply the workaround after migrating to 12.1.4 or later.
- Download and save to disk the
mod_reqtimeout.somodule attached to this document.
- Copy the file into the
Note: On most systems, the default SEPM installation directory is
C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
%SEPM_Install_Dir%\apache\conf\httpd.confwith a plain text editor such as Notepad, and then add the following lines to the bottom:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512
Note: The default configuration settings for
mod_reqtimeoutare basic settings. You may want to further adjust them for your needs. For more info, see the following page:
- Restart the Symantec Endpoint Protection Manager Webserver service.
Note: Symantec does not provide Antivirus (AV), SONAR or Intrusion Prevention System (IPS) signatures specifically to protect against CVE-2007-6750, or CVE-2009-5111.
The mod_reqtimeout.so file
mod_reqtimeout.so (18.9 KB)