Not vulnerable. mod_ lua is not deployed with SEPM.ĬVE-2021-39275 - Response: No impact. * We have a KB for using SEPM Apache as a reverse proxy (), and that is also not affected. * However if the customer changes the default configuration and enables forward proxy for their own use, then their site may become vulnerable since our Apache httpd versions are affected. Forward proxy is not a default configuration for SEPM. I can't see how Broadcom are happy to offer security products that themselves are bundled with products that have vulnerabilities, but with no solution to resolve? I was then offered to wait until 14.3 RU5 was released - but was told there was no release date! I was sent a link to Siteminder Apache upgrade (2.4.52), but this is only available as 圆4 for Windows, so no good as SEP 14.3 RU3 is x86. Now while this upgrade will resolve the Log4J vulnerability, it does not resolve the Apache issue. I opened a case with Broadcom/Arrow and after some email exchange, they suggested that I upgrade to SEP 14.3 RU3 (5427). Strategic Support Engineer | Symantec Endpoint Security Division (SES)Ī Nessus scan showed that there were vulnerabilities in Apache and Log4J. As Nessus only scans for impacted versions and not components involved SEPMs use of Apache may not be impacted. Subject: Endpoint 14.3 RU3 Vulnerabilitiesġ4.3 RU5 has an ETA of June as of right now.
0 kommentar(er)
