Is Symantec Endpoint Protection Manager affected by CVE-2023-27522 and or CVE-2023-25690?

search cancel

Is Symantec Endpoint Protection Manager affected by CVE-2023-27522 and or CVE-2023-25690?

book

Article ID: 261737

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You are inquiring to see if the Symantec Endpoint Protection Manager (SEPM) is affected by the Apache CVEs:

CVE-2023-27522
CVE-2023-25690

Environment

Windows Server 2012
Windows Server 2016
Windows Server 2019
Windows Server 2022

Resolution

The Symantec Endpoint Protection Manager is NOT affected by CVE-2023-27522 and or CVE-2023-25690.

CVE-2023-27522 :
The affected module mod_proxy_uwsgi is not used by SEPM

CVE-2023-25690:
In SEPM installation, mod_proxy can be enabled when reverse proxy configuration is needed by following Enabling Mac and Linux clients to download LiveUpdate content using the Apache web server as a reverse proxy
In this setup, we use neither RewriteRule nor ProxyPassMatch, which is a prerequisite for this particular vulnerability.

Additional Information

How to check whether mod_proxy_uwsgi is used by SEPM Apache.

There are two places to check for mod_proxy_uwsgi:

1. In <SEPM>\apache\modules, which is the directory storing all the Apache modules, there is no mod_proxy_uwsgi.

2. In <SEPM>\apache\conf\htpd.conf, which is the Apache configuration file that configures modules to load when Apache runs, there is no presence of mod_proxy_uwsgi.

Feedback

thumb_up Yes

thumb_down No