Apache HTTP Server HttpOnly Cookie Information Disclosure vulnerability detected!
Created: 13 Feb 2013 | Updated: 13 Feb 2013 | 8 comments
This issue has been solved. See solution.
Hi, our server picked up this vulnerability yesterday and there is no information on how to mitigate it on Symantec's website. Can anyone tell me where this comes from and how to fix it?
We are using SEP 12.1.1000.157 RU1.
Thanks
Dan
Meaning you did a vulnerability scan of the SEPM server and this was found?
This is a vulnerability in Apache, so you need to upgrade to Apache HTTP Server version 2.2.22 or later.
http://www.securityspace.com/smysecure/catid.html?...
Although I'm not sure if you can just upgrade Apache without affecting the SEPM. You need to confirm with Symantec.
SEP Knowledge Base
Endpoint SWAT
Thank you, Brian, I will pass this on to our vulnerability experts.
Dan
We use a product called Qualysguard Security & Compliance Suite and a scan was run on one of our servers that has Symantec Endpoint Protection installed on it, and this is what it detected.
Yeah, we do the same thing. The fix is easy (upgrade to the latest version of Apache), but Symantec would need to be consulted to find out what the consequences would be. Usually they would just patch it when a new SEPM version is out. But if you can't wait and need to comply with policy, I would contact them now and tell them what is going on.
Also, you are on an old version of SEPM. The latest is 12.1 RU2 so this may be fixed with an upgrade of the SEPM. I would call and confirm.
Very good advice, thank you again.
Glad to help.
Hi Brian,
Question for you - can we upgrade Apache web server to the latest version for Windows without breaking SEPM?
That's what I'm not exactly sure about, so you should call Symantec to confirm.