For vCenter Server versions on Windows that have a partial fix, installing the additional patch completes the fix for CVE-2015-2342. This patch is installed by running the attached script or by manually replacing the vSphere Web Client configuration file (wrapper.conf).
Warning: The additional patch can be applied only to the vCenter Server versions on Windows that have a partial fix. If the patch is applied to a version of vCenter Server that has no fix or a complete fix, the system will no longer function properly.
Steps to programmatically replace the vSphere Web Client configuration file
The script stops the vSphere Web Client service, and creates a back up of the wrapper.conf file in the directory. The script makes the necessary changes to the wrapper.conf file, and restarts the vSphere Web Client service. It generates a log file in the same directory where the command was executed.
- Download the JMX-Scripts-V2.zip script from the attachment.
- Unzip the package in the Windows machine where the vSphere Web Client is installed, and check the SHA-1 checksum of the individual files.
Note: Checksum information is available at the bottom of this section.
- Launch the command prompt with administrator privileges.
- Use the script that matches with your installed VMware vSphere Web Client version.
- VMware vSphere Web Client 5.0 update 3e - JMXScript5.0.vbs
- VMware vSphere Web Client 5.1 update 3b - JMXScript5.1.vbs
- VMware vSphere Web Client 5.5 update 3, 3a, and 3b - JMXScript5.5.vbs
- Run the following command:
cscript JMXScript5.<x>.vbs "<location_of_wrapper.conf_file>"
You must enter the location of the wrapper.conf file within double quotes. The default location of the wrapper.conf file on Windows environment is:
- For vCenter Server 5.0: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf\wrapper.conf
- For vCenter Server 5.1: C:\Program Files\VMware>\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf
- For vCenter Server 5.5: C:\Program Files\VMware>\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf
Important: Check for the Finish script execution message in the jmxscript.log file to confirm the execution of the script. Location of the log file is same as the folder from where the script is executed.
For custom vSphere Web Client locations, provide the wrapper.conf file path as input in the cscript command.
Steps to manually replace the vSphere Web Client configuration file
For vCenter Server 5.5 Update 3, 5.5 Update 3a and 5.5 Update 3b
- Stop the VMware vSphere Web Client service on the Windows machine where it is installed. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).
- Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.
Note: The default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf.
- Download the attached 2144428_wrapper.conf-AP5.5.zip and extract the file, check its SHA-1 checksum.
Note: Checksum information is available at the bottom of this section.
- Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf.
- Rename the wrapper.conf-AP5.5 file as wrapper.conf.
- Start the VMware vSphere Web Client service.
For vCenter Server 5.1 Update 3b
- Stop the VMware vSphere Web Client service on the Windows machine where it is installed. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).
- Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.
Note: The Default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf.
- Download the attached 2144428_wrapper.conf-AP5.1.zip and extract the file, check its SHA-1 checksum.
Note: Checksum information is available at the bottom of this section.
- Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf.
- Rename the wrapper.conf-AP5.1 file as wrapper.conf.
- Start the VMware vSphere Web Client service.
For vCenter Server 5.0 Update 3e
- Stop the VMware vSphere Web Client service on the Windows machine where it is installed.
- Take a back up of the wrapper.conf file, and save the file as wrapper.conf-backup.
Default file location: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf\wrapper.conf.
- Download the attached 2144428_wrapper.conf-AP5.0.zip and extract the file, check its SHA-1 checksum.
Note: Checksum information is available at the bottom of this section.
- Copy it to: C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\bin\service\conf.
- Rename the wrapper.conf-AP5.0 file as wrapper.conf.
- Start the VMware vSphere Web Client service.
Note: After applying the additional patch, the VMware vSphere Web Client service does not listen on port 9875. Any Windows Firewall rules that open the port 9875 can be deleted manually.
SHA-1 Checksums
- JMXSCript5.0-md5: EE089F61369E0B10C7AF64B293CCAD54
- JMXSCript5.1-md5: 68578DC725E322454FF4EE403FA8026E
- JMXSCript5.5-md5: DA5AD368D7C8C77BDB12F20F01A3779C
SHA-1 Checksums for individual wrapper.conf files
- wrapper.conf-AP5.0: d72dcad1e3ad7e27846916308aa416ab
- wrapper.conf-AP5.1: 29cfef283bdd8f71035ab15fed8d57c9
- wrapper.conf-AP5.5: a191b225dddebd25ac80582f429f6f2c
Additional Information
For translated versions of this article, see: