Discovered Vulnerabilities on SEPM 12.1 RU1 MP1
My customer has McAfee Vulnerability Manager (formerly Foundstone) and they discovered two (2) HTTP denial-of-service vulnerabilities in their SEPM 12.1 RU1 MP1 related to the Apache Tomcat server on which SEPM is built. One of those vulnerabilities is CVE-2009-5111 (I can provide the other as soon as I have it).
Has anyone ever run into a similar scenario? Unfortunately, the release notes for SEP 12.1.2 (or even prior versions) doesn't mention having those vulnerabilities remediated. What should I do? Would contacting Tech Support yield any help?