This article provides a workaround for security issues related to Apache Struts by disabling the performance charts service in vCenter Server 6.0. Critical vulnerabilities in Apache Struts that affect VMware products are documented in VMware Security Advisories.
Please sign up for our Security-Announce mailing list to receive new and updated VMware Security Advisories.
The workarounds described in the Solution section of this article apply to the following versions of vCenter Server:
- VMware vCenter Server Appliance 6.0
- VMware vCenter Server 6.0
Warning: The workaround for vCenter 6.5 and vCenter 6.7 has been documented separately in KB 57716. Do NOT apply the workaround below to vCenter 6.5 or 6.7.
Functionality Impact: Users will not be able to view the Overview Performance Charts in vSphere Web Client. The advanced performance charts and the vCenter Server API for extracting performance statistics are not impacted. At the time of publication, these are the only known functionality impacts associated with disabling this feature.