
Apache HTTP Server HttpOnly Cookie Information Disclosure vulnerability detected!

Created: 13 Feb. 2013 • Updated: 13 Feb. 2013 | 8 comments
This issue has been solved. See the solution.

Hi, our server picked up this vulnerability yesterday and there is no information on how to mitigate it on Symantec's website. Can anyone tell me where this comes from and how to fix it?

We are using SEP 12.1.1000.157 RU1.

Thanks

Dan

Comments

Brɨan

Meaning you did a vulnerability scan of the SEPM server and this was found?

This is a vulnerability in Apache, so you need to upgrade to Apache HTTP Server version 2.2.22 or later.

http://www.securityspace.com/smysecure/catid.html?...

Although I'm not sure if you can just upgrade Apache without affecting the SEPM. You need to confirm with Symantec.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
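
One way to triage the scanner finding against the 2.2.22 threshold mentioned above, as an added example that is not part of the original thread or any Symantec tooling. It classifies an Apache version banner taken from a `Server:` response header or from `httpd -v` output; the function names and sample banners are constructed for illustration, and a vendor-bundled build may be patched without its banner changing, so the result is a hint rather than proof.

```python
import re

# Fixed release named in the thread: Apache HTTP Server 2.2.22 or later.
FIXED = (2, 2, 22)

# Matches the version token in a "Server:" header or `httpd -v` output.
# ServerTokens settings can shorten it to "Apache/2.2", "Apache/2"
# or just "Apache", so the minor and patch parts are optional.
_VERSION = re.compile(r"\bApache/(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def exposed_version(banner):
    """Return the version components the banner reveals, e.g. (2, 2, 21)."""
    m = _VERSION.search(banner or "")
    if not m:
        return ()
    return tuple(int(g) for g in m.groups() if g is not None)


def triage(banner):
    """Classify a banner as 'upgrade', 'ok' or 'unknown'.

    'unknown' means the banner hides the digits needed to decide, so the
    installed build has to be checked directly (or with the vendor).
    """
    seen = exposed_version(banner)
    if not seen:
        return "unknown"
    wanted = FIXED[:len(seen)]  # compare only the digits we can see
    if seen < wanted:
        return "upgrade"
    if seen > wanted or len(seen) == len(FIXED):
        return "ok"
    return "unknown"  # e.g. "Apache/2.2": patch level hidden


# Constructed sample banners (not taken from the thread).
SAMPLES = [
    "Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21",
    "Server version: Apache/2.2.22 (Win32)",
    "Server: Apache/2.4.4 (Win64)",
    "Server: Apache/2.2",
    "Server: Apache",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{triage(line):8} {line}")
```
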

dan43

We use a product called Qualysguard Security & Compliance Suite and a scan was run on one of our servers that has Symantec Endpoint Protection installed on it, and this is what it detected.

Brɨan

Yea, we do the same thing. The fix is easy (upgrade to the latest version of Apache) but Symantec would need to be consulted to find out what the consequences would be. Usually they would just patch it when a new SEPM version is out. But if you can't wait and need to comply with policy, I would contact them now and tell them what is going on.

Also, you are on an old version of SEPM. The latest is 12.1 RU2 so this may be fixed with an upgrade of the SEPM. I would call and confirm.


SOLUTION
Brɨan

Glad to help.


dan43

Hi Brian,

Question for you - can we upgrade Apache web server to the latest version for Windows without breaking SEPM?

Brɨan

That's what I'm not exactly sure about, so you should call Symantec to confirm.
