Configuring the Apache web server to prevent denial of service attack in Symantec Endpoint Protection 12.1.2 (12.1 RU2) and later
Article: TECH205208 | Created: 2013-04-17 | Updated: 2014-09-29 | Article URL: http://www.symantec.com/docs/TECH205208
Vulnerability testing shows that Symantec Endpoint Protection Manager (SEPM) is vulnerable to a specific denial of service exploit, CVE-2007-6750, related to the lack of the
- Symantec Endpoint Protection (SEP) 12.1.2 (12.1 Release Update 2, or RU2)
- Symantec Endpoint Protection (SEP) 184.108.40.206 (12.1 Release Update 2 Maintenance Patch 1, or RU2 MP1)
- Symantec Endpoint Protection (SEP) 12.1.3 (12.1 Release Update 3, or RU3)
Later releases of the Symantec Endpoint Protection Manager are not vulnerable to this exploit.
This issue is fixed in Symantec Endpoint Protection 12.1 Release Update 4 (SEP 12.1.4). Upgrade to take advantage of this and many other enhancements and improvements.
If it is not immediately possible to upgrade, work around this issue by implementing the module that is missing in Apache. This workaround applies only to the Symantec Endpoint Protection versions noted above. If you use a build earlier than 12.1.2, you should upgrade directly to version 12.1.4 or later.
Warning: if you implement the workaround when using version 12.1.2 and decide to upgrade to 220.127.116.11 or 12.1.3, you must apply this workaround again.
To add the module to the Apache web server:
- Download and save to disk the mod_reqtimeout.so module attached to this document.
- Copy the file into the
Note: On most systems, the default SEPM installation directory is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
- Open %SEPM_Install_Dir%\apache\conf\httpd.conf with a plain text editor such as Notepad, and then add the following lines to the bottom:
LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512
Note: The default configuration settings for mod_reqtimeout are basic settings. You may want to further adjust them for your needs. For more info, see the following page:
- Restart the Symantec Endpoint Protection Manager Webserver service.
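To show what the RequestReadTimeout line above permits, this added example (not part of the original article and not Symantec's or Apache's code) parses the directive and estimates how long a client that sends data steadily but never completes a stage can hold a connection open. It assumes the semantics given in the Apache mod_reqtimeout documentation (an initial timeout, extended by one second for every MinRate bytes received, up to the maximum) and a simplified constant-rate client; the function names and sample rates are hypothetical.

```python
import re

# Directive line copied from the httpd.conf addition in the article.
DIRECTIVE = "RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512"

# Matches only the "stage=initial-max,MinRate=rate" form used in the article.
STAGE_RE = re.compile(r"\b(header|body)=(\d+)-(\d+),MinRate=(\d+)")


def parse_request_read_timeout(line):
    """Return {stage: (initial_s, max_s, min_rate_bytes_per_s)}."""
    name, _, args = line.strip().partition(" ")
    if name.lower() != "requestreadtimeout":
        raise ValueError("not a RequestReadTimeout directive")
    stages = {}
    for stage, initial, maximum, rate in STAGE_RE.findall(args):
        initial, maximum, rate = int(initial), int(maximum), int(rate)
        if rate <= 0 or maximum < initial:
            raise ValueError(f"invalid {stage} settings")
        stages[stage] = (initial, maximum, rate)
    if not stages:
        raise ValueError("no header/body settings found")
    return stages


def cutoff_seconds(initial, maximum, min_rate, client_rate):
    """Seconds until the server drops a client that sends client_rate bytes/s
    during this stage without ever completing it (constant-rate model)."""
    if client_rate >= min_rate:
        # Each second of data earns at least one more second; only the cap applies.
        return float(maximum)
    # The deadline d satisfies d = initial + (client_rate * d) / min_rate.
    return min(float(maximum), initial / (1 - client_rate / min_rate))


def report(line, client_rates=(0, 10, 128, 256)):
    """Return {stage: {client_rate: cutoff_s}} for constructed sample rates."""
    return {
        stage: {r: round(cutoff_seconds(*cfg, r), 1) for r in client_rates}
        for stage, cfg in parse_request_read_timeout(line).items()
    }


if __name__ == "__main__":
    for stage, rows in report(DIRECTIVE).items():
        for rate, secs in rows.items():
            print(f"{stage}: client at {rate} B/s is cut off after {secs} s")
```

With the article's values, no client can keep the header stage open longer than 30 seconds or the body stage longer than 120 seconds, whatever rate it sends at.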