ESXi host is disconnected from vCenter server during security vulnerability scanning

Article ID: 415140

Products

VMware vSphere ESXi

Issue/Introduction

  • The ESXi host is disconnected from the vCenter server during security vulnerability scanning and does not respond.
  • The security scan runs as follows:

    1. Perform host liveness detection using ICMP to identify reachable assets.

    2. For reachable assets, enumerate open ports and determine the running services.

    3. Based on the identified services, send service-specific proof-of-concept (PoC) test packets to validate potential vulnerabilities. The scanner’s default concurrency is 30 (configurable).

  • The following log message appears in /var/run/log/hostd.log:

    An application (/bin/rhttpproxy) running on ESXi host has crashed (1 time(s) so far). A core file might have been created at /var/core/rhttpproxy-zdump.000.
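
To check whether a disconnect during a scan matches this issue, the crash message quoted above can be extracted from hostd.log. The script below is an added example, not VMware code or tooling: the function names and the sample log lines (their timestamp prefix and the second core file name) are constructed, and it assumes a POSIX shell with sed and awk.

```shell
#!/bin/sh
# Added example (not from the KB article): summarise application-crash
# messages in hostd.log. Only the message text is taken from the article;
# the prefix on the sample lines is constructed.

# Print "application count core_path" for every crash message in FILE.
crash_summary() {
    sed -n 's/.*An application (\([^)]*\)) running on ESXi host has crashed (\([0-9][0-9]*\) time(s) so far)\. A core file might have been created at \([^ ]*[^ .]\).*/\1 \2 \3/p' "$1"
}

# Print the highest crash count recorded for application APP (0 if none).
max_crash_count() {
    crash_summary "$1" | awk -v app="$2" '$1 == app && $2 + 0 > max { max = $2 + 0 } END { print max + 0 }'
}

# Write constructed sample log lines to FILE.
write_sample() {
    cat > "$1" <<'EOF'
2024-01-01T10:00:01Z info hostd[1001] (constructed) Task Created : haTask-ha-host-vim.HostSystem.test
2024-01-01T10:02:13Z warning hostd[1001] (constructed) An application (/bin/rhttpproxy) running on ESXi host has crashed (1 time(s) so far). A core file might have been created at /var/core/rhttpproxy-zdump.000.
2024-01-01T10:05:40Z warning hostd[1001] (constructed) An application (/bin/rhttpproxy) running on ESXi host has crashed (2 time(s) so far). A core file might have been created at /var/core/rhttpproxy-zdump.001.
EOF
}

# Use the log path given as $1, or fall back to the constructed sample.
main() {
    tmp=
    if [ -n "${1:-}" ]; then
        log=$1
    else
        tmp=$(mktemp)
        write_sample "$tmp"
        log=$tmp
    fi
    crash_summary "$log"
    echo "rhttpproxy crashes: $(max_crash_count "$log" /bin/rhttpproxy)"
    [ -z "$tmp" ] || rm -f "$tmp"
}
main "$@"
```

Pass a log path as the first argument to read a real file instead of the sample; comparing the crash timestamps with the scan window shows whether the two coincide.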

Cause

Analysis of the rhttpproxy core dump indicates the crash was triggered by crafted PoC packets that caused heap corruption in the rhttpproxy process, resulting in the process terminating and a core dump being generated.

Resolution

Contact the security software vendor for assistance with reducing the concurrency of PoC packets.