Knowledge Base


Directory traversal vulnerability in the Jetty Web server that is embedded in earlier Update Manager 4.x versions (2001146)

Details

The Jetty Web server that is embedded in certain versions of VMware vCenter Update Manager might be vulnerable to a directory traversal attack. The vulnerability is not present in Update Manager 5.0, Update Manager 4.1 Update 2, and Update Manager 4.0 Update 4. All earlier versions are affected.

The issue is due to the way the Jetty Web Server in Update Manager is configured. It is a variant of the directory traversal issue that was addressed in earlier versions of VMware Update Manager. See VMSA-2010-0012 for additional information. The Common Vulnerabilities and Exposures project has assigned the name CVE-2011-4404 to this issue.

Solution

Upgrade to a later version of Update Manager to resolve the issue.

Upgrading to a later version of Update Manager

In all affected Update Manager versions, you can resolve the issue by upgrading to one of the following versions:
  • Update Manager 5.0
  • Update Manager 4.1 Update 2
  • Update Manager 4.0 Update 4
Upgrade procedures for the different versions are available in the Update Manager documentation.
  • For more information about upgrading to Update Manager 5.0, see Installing and Administering VMware vSphere Update Manager.
  • For more information about upgrading to Update Manager 4.1 Update 2, see the VMware vCenter Update Manager Installation and Administration Guide for Update Manager 4.1.x.
  • For more information about upgrading to Update Manager 4.0 Update 4, see the VMware vCenter Update Manager Installation and Administration Guide for Update Manager 4.0.x.
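
The affected and fixed versions listed above can be checked across an inventory with a short script. The following Python is an added example, not VMware code; the version-string format it accepts, the host names and the sample inventory are assumptions constructed for illustration.

```python
import re

# First fixed update level per release branch, as listed in the article:
# 4.0 Update 4, 4.1 Update 2, and 5.0 (base release).
FIRST_FIXED_UPDATE = {(4, 0): 4, (4, 1): 2, (5, 0): 0}

# Assumed input format: optional product name, then "<major>.<minor>",
# optionally followed by "Update N" or "U N". Anything else is "unknown".
_VERSION_RE = re.compile(
    r"(?:.*?\s)?(\d+)\.(\d+)(?:\s*(?:update|u)\s*(\d+))?\s*", re.IGNORECASE
)

def parse_version(text):
    """Return (major, minor, update), or None if the string is not recognised."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        return None
    major, minor, update = match.groups()
    return int(major), int(minor), int(update or 0)

def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    major, minor, update = version
    branch = (major, minor)
    if branch in FIRST_FIXED_UPDATE:
        # Compare within the branch only: 4.1 Update 1 is affected even though
        # it is a later release than the fixed 4.0 Update 4.
        return "fixed" if update >= FIRST_FIXED_UPDATE[branch] else "affected"
    # The article states that all earlier versions are affected; branches it
    # does not mention (anything after 4.0 not listed above) stay "unknown".
    return "affected" if branch < (4, 0) else "unknown"

def triage(inventory):
    """Map each host name to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed sample inventory (host names are made up for this example).
SAMPLE_INVENTORY = {
    "vum-lab-01": "Update Manager 4.1 Update 1",
    "vum-lab-02": "4.0 U4",
    "vum-lab-03": "Update Manager 5.0",
    "vum-lab-04": "4.1.0 build 000000",
}
```

Calling `triage(SAMPLE_INVENTORY)` returns one status per host; entries reported as "unknown" need a manual check against the installed version.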
