Search the VMware Knowledge Base (KB)
View by Article ID

Workaround for Apache Struts CVE-2017-5638 for vCenter Server 6.0 (2149434)

  • 21 Ratings

Details

There is a catastrophic vulnerability tracked by CVE-2017-5638. This vulnerability affects the vCenter Server Appliance and vCenter Server on Windows.
 
This article provides a workaround for the security issue CVE-2017-5638 by disabling the performance charts service. Before applying the workaround see VMSA-2017-0004 for up to date information on this vulnerability.

The following versions of  the vCenter Server Appliance and vCenter Server are impacted with the CVE-2017-5638 issue:

  • VMware vCenter Server Appliance 6.0
  • VMware vCenter Server 6.0
Functionality Impact: Users will not be able to view the Overview Performance Charts in vSphere Web Client. The advanced performance charts and the vCenter Server API for extracting performance statistics are not impacted. At the time of publication, these are the only known functionality impacts associated with disabling this feature.

Solution

This is a known issue affecting vCenter Server 6.0.

This issue is resolved in vCenter Server 6.0 U3a, available at VMware Downloads.

Warning: Updated 3/14/17:  The workaround for vCenter 6.5 has been reported to cause issues in customer environments and has been removed from this document. If a viable workaround is devised for 6.5, it will be documented in VMSA-2017-0004.

To work around this issue on vCenter Server, stop the performance charts service and disable the automatic startup of the service on reboot.

Stop the Performance Charts Service in vSphere 6.0

For the vCenter Server Appliance 6.0
  1. Connect the vCenter Server Appliance with an SSH session and root credentials.
  2. Run this command to enable access the Bash shell:

    shell.set --enabled true

  3. Type shell and press Enter.
  4. Stop the performance charts service with this command:

    service vmware-perfcharts stop

  5. (Optional) Turn off the automatic startup of the service on reboot.

    service vmware-perfcharts remove

For vCenter Server 6.0 on Windows
  1. Log in as an administrator to the Windows machine.
  2. Open the command-prompt.
  3. Stop the performance charts service.

    sc stop vmware-perfcharts

  4. (Optional) Turn off the automatic startup of the service on reboot.

    sc config vmware-perfcharts start= demand

To revert the startup type of the performance charts service to the default behavior:

  • In the vCenter Server Appliance run the command:

    /bin/ln -s /usr/lib/vmware-perfcharts/wrapper/bin/vmware-perfcharts /etc/init.d/vmware-perfcharts
    /sbin/chkconfig -add vmware-perfcharts

  • In the Windows system where vCenter Server is installed, run this command:

    sc config vmware-perfcharts start= auto

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 21 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 21 Ratings
Actions
KB: