Prevent denial of service attack in Symantec Endpoint Protection


Article ID: 157906


Updated On:


Endpoint Protection


Vulnerability scanners report that the Symantec Endpoint Protection Manager (SEPM) is vulnerable to denial of service exploits CVE-2007-6750, and CVE-2009-5111.


This problem is fixed in Symantec Endpoint Protection 12.1 Release Update 4 (SEP 12.1.4).  To obtain the latest version of SEP, see Download the latest version of Symantec Endpoint Protection.


If you cannot upgrade, work around the problem by implementing in the SEPM Apache server. This workaround only applies to 12.1.2 or newer managers. There is no workaround available for pre-12.1.2 managers.

Warning: If you implement the workaround, you must re-apply the workaround after migrating to or 12.1.3. You will not need to reapply the workaround after migrating to 12.1.4 or later.

  1. Download and save to disk the module attached to this document.
  2. Copy the file into the %SEPM_Install_Dir%\apache\modules directory.
    Note: On most systems, the default SEPM installation directory is C:\Program Files\Symantec\Symantec Endpoint Protection Manager.
  3. Open %SEPM_Install_Dir%\apache\conf\httpd.conf with a plain text editor such as Notepad, and then add the following lines to the bottom:
    LoadModule reqtimeout_module modules/
    <IfModule reqtimeout_module>
    RequestReadTimeout header=20-30,MinRate=256 body=100-120,MinRate=512

    Note: The default configuration settings for mod_reqtimeout are basic settings. You may want to further adjust them for your needs. For more info, see the following page:
  4. Restart the Symantec Endpoint Protection Manager Webserver service.


Note: Symantec does not provide Antivirus (AV), SONAR or Intrusion Prevention System (IPS) signatures specifically to protect against CVE-2007-6750, or CVE-2009-5111.

Attachments get_app