Workaround for Apache Struts CVE-2017-5638 for vCenter Server 6.0

Article ID: 336034

Updated On:

Products

VMware vCenter Server

Issue/Introduction

There is a catastrophic vulnerability tracked by CVE-2017-5638. This vulnerability affects the vCenter Server Appliance and vCenter Server on Windows.
 
This article provides a workaround for the security issue CVE-2017-5638 by disabling the performance charts service.

The following versions of the vCenter Server Appliance and vCenter Server are impacted by the CVE-2017-5638 issue:

  • VMware vCenter Server Appliance 6.0
  • VMware vCenter Server 6.0

Functionality Impact: Users will not be able to view the Overview Performance Charts in vSphere Web Client. The advanced performance charts and the vCenter Server API for extracting performance statistics are not impacted. In addition, if this article is followed, the Certificate-Manager replacement utility may fail because the vmware-perfcharts service fails to start. To change certificates, first revert the changes below, then use the Certificate-Manager utility, and then follow this article again to disable the vmware-perfcharts service.

At the time of publication, these are the only known functionality impacts associated with disabling this feature.



Environment

VMware vCenter Server 6.0.x

Resolution

This is a known issue affecting vCenter Server 6.0.
 
This issue is resolved in vCenter Server 6.0 U3a, available at Broadcom Downloads.
 
Warning: Updated 3/14/17: The workaround for vCenter 6.5 has been reported to cause issues in customer environments and has been removed from this document.
 
To work around this issue on the vCenter Server, stop the performance charts service and disable the automatic startup of the service on reboot.

Stop the Performance Charts Service in vSphere 6.0

For the vCenter Server Appliance 6.0
  1. Connect to the vCenter Server Appliance with an SSH session and root credentials.
  2. Run this command to enable access to the Bash shell:

    shell.set --enabled true
     
  3. Type shell and press Enter.
  4. Stop the performance charts service with this command:

    service vmware-perfcharts stop

  5. (Optional) Turn off the automatic startup of the service on reboot.

    service vmware-perfcharts remove

For vCenter Server 6.0 on Windows
  1. Log in as an administrator to the Windows machine.
  2. Open the command prompt.
  3. Stop the performance charts service.

    sc stop vmware-perfcharts

  4. (Optional) Turn off the automatic startup of the service on reboot.

    sc config vmware-perfcharts start= demand

To revert the startup type of the performance charts service to the default behavior:

  • In the vCenter Server Appliance, run these commands:

    /bin/ln -s /usr/lib/vmware-perfcharts/wrapper/bin/vmware-perfcharts /etc/init.d/vmware-perfcharts
    /sbin/chkconfig --add vmware-perfcharts

  • In the Windows system where the vCenter Server is installed, run this command:

    sc config vmware-perfcharts start= auto
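
To confirm the workaround is still in place on the vCenter Server Appliance, for example after a reboot or after a certificate replacement, the following check can be used. It is an added example, not part of the original article or VMware tooling. The function names, the SysV start-link layout and the assumption that the running service's command line contains `/usr/lib/vmware-perfcharts/` are assumptions; the init script path is the one the revert command above recreates.

```sh
#!/bin/sh
# Added example: audit the vmware-perfcharts workaround on a vCenter Server Appliance.

# Report whether the service can start at boot. ROOT (default /) allows checking
# a mounted or test file tree.
# Assumption: SysV start links are named S<NN>vmware-perfcharts under
# etc/init.d/rc<N>.d or etc/rc<N>.d.
perfcharts_autostart() {
    pc_root="${1:-/}"
    pc_root="${pc_root%/}"
    for pc_link in "$pc_root"/etc/init.d/rc?.d/S[0-9][0-9]vmware-perfcharts \
                   "$pc_root"/etc/rc?.d/S[0-9][0-9]vmware-perfcharts; do
        # An unmatched glob stays literal and fails both tests.
        if [ -e "$pc_link" ] || [ -L "$pc_link" ]; then
            echo enabled
            return 0
        fi
    done
    # /etc/init.d/vmware-perfcharts is the link the revert step recreates.
    pc_init="$pc_root/etc/init.d/vmware-perfcharts"
    if [ -e "$pc_init" ] || [ -L "$pc_init" ]; then
        echo script-only
    else
        echo removed
    fi
}

# Read process command lines (one per line) on stdin.
# Assumption: the running service's command line contains the install path
# /usr/lib/vmware-perfcharts/. The [/] keeps grep from matching itself.
perfcharts_running() {
    if grep -q '/usr/lib/vmware-perfcharts[/]'; then
        echo running
    else
        echo stopped
    fi
}

# Exit 0 only when the process is stopped and no start link exists.
perfcharts_audit() {
    pc_auto=$(perfcharts_autostart "${1:-/}")
    pc_run=$(ps -eo args | perfcharts_running)
    echo "vmware-perfcharts: autostart=$pc_auto process=$pc_run"
    [ "$pc_auto" != enabled ] && [ "$pc_run" = stopped ]
}
```

Source the file in the appliance's Bash shell as root and run `perfcharts_audit`; a non-zero exit status means the service is running or will start again at the next reboot.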