vCenter

  • 1.  Upgrade jetty

    Posted Oct 19, 2021 10:07 AM

    Has anybody upgraded Jetty to a newer version?
    There is a vulnerability in version 9.4.34 that comes with vCenter 6.7 U3o:

    Jetty before 9.4.39, 10.0.2, 11.0.2 Denial of Service Vulnerability
    In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
    https://nvd.nist.gov/vuln/detail/CVE-2021-28165



  • 2.  RE: Upgrade jetty
    Best Answer

    Broadcom Employee
    Posted Oct 21, 2021 02:21 AM

    This was already reported. As far as I know, the fix for the 6.7 line will be available in Nov 2021. It is supposed to be fixed in the next release of vCenter.
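
Added example, not part of either post and not VMware or Jetty project code: a check of a Jetty version string against the affected ranges quoted in the first post for CVE-2021-28165. The ordering of pre-release qualifiers (M, alpha, beta, RC before the final release) and the `.vYYYYMMDD` build suffix format are assumptions, and the sample version strings are constructed.

```python
import re

# Affected ranges (inclusive) as quoted in the thread's CVE-2021-28165 text.
AFFECTED = [
    ("7.2.2", "9.4.38"),
    ("10.0.0.alpha0", "10.0.1"),
    ("11.0.0.alpha0", "11.0.1"),
]

# Assumption: pre-release qualifiers sort M < alpha < beta < RC < final release.
_PRE_RANK = {"m": 0, "alpha": 1, "beta": 2, "rc": 3}
_FINAL = 4

# Assumption: final releases are either bare (10.0.1) or carry a build date
# suffix such as .v20201102; pre-releases look like 10.0.0.alpha0.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:\.(?:(M|alpha|beta|RC)(\d+)|v\d{8}))?$",
    re.IGNORECASE,
)


def parse_jetty_version(text):
    """Return a sortable key: (major, minor, patch, stage, stage_number)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Jetty version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4):
        return (major, minor, patch, _PRE_RANK[m.group(4).lower()], int(m.group(5)))
    return (major, minor, patch, _FINAL, 0)


def is_affected(text):
    """True if the version falls inside any of the quoted affected ranges."""
    v = parse_jetty_version(text)
    return any(
        parse_jetty_version(lo) <= v <= parse_jetty_version(hi)
        for lo, hi in AFFECTED
    )


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["9.4.34.v20201102", "9.4.39", "10.0.0.beta3", "10.0.2", "11.0.2"]:
        print(sample, "affected" if is_affected(sample) else "not affected")
```
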