Endpoint Protection Small Business Edition

  • 1.  SEPM Reported Vulnerability

    Posted Mar 15, 2012 03:42 PM

    Hi all,

    I regularly run Nessus scans on all my boxes along with other tools for monthly security reports.  However my Symantec Endpoint Protection Manager 12.1 server has been found with the following apache vulnerability reported in Nessus:

    The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

    I know Symantec has altered apache to make it their own, but I wanted to know if anyone has a fix for this?

    I tried altering the httpd.conf with a rewrite engine condition and rule, and the Symantec webserver service didn't like that much and wouldn't start back up.

    Thanks for your time.



  • 2.  RE: SEPM Reported Vulnerability

    Posted Mar 15, 2012 06:35 PM

    SEPM most likely uses that to allow clients to send their logs and statuses. And the scripts that you are able to send to the SEPM server are quite limited. You also need to have a remote management console to be able to send commands.



  • 3.  RE: SEPM Reported Vulnerability

    Posted Mar 15, 2012 07:43 PM

    Hi,

    Can you please share the exact vulnerability with us.



  • 4.  RE: SEPM Reported Vulnerability

    Posted Mar 16, 2012 10:20 AM

    Yeah here's a more complete output of the report:

    Synopsis: Debugging functions are enabled on the remote web server.

    Description
    The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

    Solution
    Disable these methods. Refer to the plugin output for more information.

    See Also
    http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
    http://www.apacheweek.com/issues/03-01-24
    http://www.kb.cert.org/vuls/id/288308
    http://www.kb.cert.org/vuls/id/867593
    http://download.oracle.com/sunalerts/1000718.1.html

    Risk Factor: Medium

    CVSS Base Score
    4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVSS Temporal Score
    3.9 (CVSS2#E:F/RL:W/RC:C)

    Plugin Output
    To disable these methods, add the following lines for each virtual host in your configuration file :

        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]

    Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.
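Whichever of the two fixes from the plugin output is applied (the RewriteRule, or TraceEnable off), it is worth confirming from the outside that the server no longer honours TRACE or TRACK, rather than waiting for the next monthly Nessus run. The script below is an added example written for this thread; it is not part of the original posts, not Symantec's code, and it makes no assumption about SEPM's port or TLS settings beyond what you pass on the command line. It sends one TRACE and one TRACK request carrying a marker header and classifies the reply: Apache answers an honoured TRACE with a 200 and Content-Type message/http that echoes the request, TraceEnable off answers 405, the RewriteRule ... [F] variant answers 403, and a method Apache does not implement at all (TRACK) answers 501. The three sample responses at the bottom are constructed so the classifier can be exercised offline.

```python
import http.client
import ssl
import sys

# Marker header value sent with the probe; a server that honours TRACE echoes
# the whole request back, so the marker reappears in the response body.
MARKER = "sepm-trace-check"


def classify_trace_response(status, headers, body, marker=MARKER):
    """Classify one TRACE/TRACK reply as 'enabled', 'disabled' or 'unknown'.

    headers must be a dict keyed by lower-cased header names.
    200 + message/http (or our marker echoed in the body) means the method
    was honoured. 403 (RewriteRule [F]), 405 (TraceEnable off) and 501
    (method not implemented) all mean the server refused it.
    """
    ctype = headers.get("content-type", "").lower()
    echoed = marker.encode() in body
    if status == 200 and (ctype.startswith("message/http") or echoed):
        return "enabled"
    if status in (403, 405, 501):
        return "disabled"
    return "unknown"


def probe(host, port, method="TRACE", use_tls=False, verify=True, timeout=5):
    """Send a single TRACE/TRACK request to host:port and classify the reply.

    This is the only function that touches the network. host/port are whatever
    the SEPM web service listens on in your environment (assumption: supplied
    by the caller, not hard-coded here).
    """
    if use_tls:
        ctx = ssl.create_default_context()
        if not verify:
            # Allow a self-signed certificate; we only care about method handling.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Probe": MARKER})
        resp = conn.getresponse()
        body = resp.read()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return classify_trace_response(resp.status, headers, body)
    finally:
        conn.close()


def report(host, port, use_tls=False, verify=True):
    """Probe both methods the Nessus plugin flags; returns {method: verdict}."""
    return {m: probe(host, port, m, use_tls, verify) for m in ("TRACE", "TRACK")}


# Constructed sample responses (not captured from a real SEPM server) so the
# classifier can be checked without a network.
SAMPLE_TRACE_HONOURED = (
    200,
    {"content-type": "message/http"},
    b"TRACE / HTTP/1.1\r\nHost: sepm.example\r\nX-Probe: sepm-trace-check\r\n\r\n",
)
SAMPLE_REWRITE_FIX = (403, {"content-type": "text/html"}, b"<h1>Forbidden</h1>")
SAMPLE_TRACEENABLE_OFF = (
    405,
    {"content-type": "text/html", "allow": "GET,HEAD,POST,OPTIONS"},
    b"<h1>Method Not Allowed</h1>",
)


if __name__ == "__main__":
    # usage: python trace_check.py <host> <port> [tls]
    host, port = sys.argv[1], int(sys.argv[2])
    tls = len(sys.argv) > 3 and sys.argv[3] == "tls"
    for method, verdict in report(host, port, tls, verify=False).items():
        print(f"{method}: {verdict}")
```

Run it against the SEPM host before and after restarting the Symantec webserver service: a "disabled" verdict for both methods is what the Nessus plugin expects to see. If the rewrite variant still prevents the service from starting, the 405 from TraceEnable off is the simpler outcome to aim for, since it needs no mod_rewrite in the loaded module set.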