Hi All
Good day..
We are using SEP 12.1 RU1 MP1 on a Windows architecture, operating globally. Recently we did a VA analysis on our site and found that traffic from the client to the SEPM console is vulnerable.
Attaching the report.
HTTP TRACE/TRACK Methods Allowed
Summary | The remote web server was identified having enabled HTTP debugging function TRACE. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. In addition, it has been shown that servers supporting the TRACE method are subject to cross-site scripting attacks, dubbed XST for "Cross-Site Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.
Severity | Medium
Complexity | Moderate
From | Remote
Impact | Possible Information Disclosure
Affected IP/URL(s) |
We have two public IPs that SEP clients communicate with when they are outside the office network, over port 80, which is HTTP traffic. This is NATed to the internal IP of the SEPM.
In the general settings, under the Security tab, we have checked "Enable secure communication between the management server and clients by using digital certificates for authentication".
And we found the following in the KB http://www.symantec.com/business/support/index?pag...
Data transmitted between Symantec Endpoint Protection Manager and Clients are always obfuscated using an encryption password (a.k.a. KCS key), thereby preventing malicious users from seeing the data content easily. We use the Twofish tool to encrypt the data. The Client uses the same encryption password to decrypt the data. For example, the profile.xml is zipped and then encrypted into the profile.dax file.
Could anyone suggest what the remedy can be?
Regards
Ajin