Configuring the Apache web server to prevent denial of service attack in Symantec Endpoint Protection 12.1.2 (12.1 RU2) and later

Article:TECH205208  |  Created: 2013-04-17  |  Updated: 2014-09-29
Article Type
Technical Solution



Vulnerability testing shows that Symantec Endpoint Protection Manager (SEPM) is vulnerable to a specific denial of service exploit, CVE-2007-6750, related to the lack of the mod_reqtimeout module in the Apache web server.


  • Symantec Endpoint Protection (SEP) 12.1.2 (12.1 Release Update 2, or RU2)
  • Symantec Endpoint Protection (SEP) (12.1 Release Update 2 Maintenance Patch 1, or RU2 MP1)
  • Symantec Endpoint Protection (SEP) 12.1.3 (12.1 Release Update 3, or RU3)

Later releases of the Symantec Endpoint Protection Manager are not vulnerable to this exploit.



This issue is fixed in Symantec Endpoint Protection 12.1 Release Update 4 (SEP 12.1.4). Upgrade to take advantage of this and many other enhancements and improvements.

If it is not immediately possible to upgrade, work around this issue by implementing the module that is missing in Apache. This workaround applies only to the Symantec Endpoint Protection versions noted above. If you use a build earlier than 12.1.2, you should upgrade directly to version 12.1.4 or later.

Warning: if you implement the workaround when using version 12.1.2 and decide to upgrade to or 12.1.3, you must apply this workaround again.

To add the module to the Apache web server:

  1. Download and save to disk the module attached to this document.
  2. Copy the file into the %SEPM_Install_Dir%\apache\modules directory.
    Note: On most systems, the default SEPM installation directory is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
  3. Open %SEPM_Install_Dir%\apache\conf\httpd.conf with a plain text editor such as Notepad, and then add the following lines to the bottom:
    LoadModule reqtimeout_module modules/
    <IfModule reqtimeout_module>
    RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512
    </IfModule>

    Note: The default configuration settings for mod_reqtimeout are basic settings. You may want to further adjust them for your needs. For more info, see the following page:
  4. Restart the Symantec Endpoint Protection Manager Webserver service.
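To confirm that the workaround is in place (for example after an upgrade that requires it to be applied again), the following added example, which is not part of the original article or of any Symantec tooling, checks httpd.conf text for the module and the RequestReadTimeout limits, and models the read deadline as documented for mod_reqtimeout. The function names, the sample configuration and the MODULE_FILE placeholder are assumptions made for illustration.

```python
import re

# Constructed sample of the httpd.conf tail after the workaround. MODULE_FILE is a
# placeholder: the page does not show the attached module's file name.
SAMPLE_CONF = """\
LoadModule reqtimeout_module modules/MODULE_FILE
<IfModule reqtimeout_module>
RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512
</IfModule>
"""

# Matches type=timeout[-maxtimeout][,MinRate=rate] for the header and body stages.
STAGE_RE = re.compile(r"\b(header|body)=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?", re.I)

def check_workaround(conf_text):
    """Return (module_loaded, limits); limits maps stage -> (initial, max, minrate)."""
    loaded, limits = False, {}
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and commented-out directives
        name = parts[0].lower()  # Apache directive names are case-insensitive
        if name == "loadmodule" and parts[1:2] == ["reqtimeout_module"]:
            loaded = True
        elif name == "requestreadtimeout":
            for stage, first, last, rate in STAGE_RE.findall(raw):
                limits[stage.lower()] = (int(first),
                                         int(last) if last else None,
                                         int(rate) if rate else None)
    return loaded, limits

def read_deadline(limit, bytes_received):
    """Seconds allowed for a stage: the initial timeout, extended by 1 s per
    MinRate bytes received, never beyond the maximum timeout."""
    initial, maximum, minrate = limit
    if not minrate:
        return initial  # fixed timeout, no rate-based extension
    extended = initial + bytes_received // minrate
    return min(extended, maximum) if maximum else extended

if __name__ == "__main__":
    loaded, limits = check_workaround(SAMPLE_CONF)
    print("reqtimeout_module loaded:", loaded)
    for stage, limit in limits.items():
        print(stage, "limits:", limit, "deadline with no data:", read_deadline(limit, 0), "s")
```

With the settings from step 3, a connection that sends no header data is closed after 20 seconds, and no rate of sending extends the header phase past 30 seconds.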



The file (19 kBytes)
