Directory traversal vulnerability in the Jetty Web server that is embedded in earlier Update Manager 4.x versions (2001146)
The issue is due to the way the Jetty Web Server in Update Manager is configured. It is a variant of the directory traversal issue that was addressed in earlier versions of VMware Update Manager. See VMSA-2010-0012 for additional information. The Common Vulnerabilities and Exposures project has assigned the name CVE-2011-4404 to this issue.
Upgrading to a later version of Update Manager
In all affected Update Manager versions, you can resolve the issue by upgrading to one of the following versions:
- Update Manager 5.0
- Update Manager 4.1 Update 2
- Update Manager 4.0 Update 4
- For more information about upgrading to Update Manager 5.0, see Installing and Administering VMware vSphere Update Manager.
- For more information about upgrading to Update Manager 4.1 Update 2, see the VMware vCenter Update Manager Installation and Administration Guide for Update Manager 4.1.x.
- For more information about upgrading to Update Manager 4.0 Update 4, see the VMware vCenter Update Manager Installation and Administration Guide for Update Manager 4.0.x.