Hello,
I have been tasked with closing a vulnerability in our esxi 5.5 vcenter deployment which would allow arbitrary code to run without authentication or encryption.
When I set wrapper.java.additional.2=-Dcom.sun.management.jmxremote.authenticate=true and wrapper.java.additional.7=-Dcom.sun.management.jmxremote.ssl=true in the wrapper.conf file, and comment out the original 'false' entries, when I restart vSphere web client, it won't come back up and the following error comes up in noUser.log:
com.vmware.vise.extensionfw.impl.SpringBundleDeployer Error creating a JMX connection to dm Server java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
So setting JMX to authenticate and use SSL breaks the connection and the web client fails to come up. Any idea how to set it up so jmxremote uses ssl and password authentication?
Guess I sort of answered by own question. I have to install some patches and this will be taken care of. There's a CVE and patch response from VMware.
Never mind!
Guess I sort of answered by own question. I have to install some patches and this will be taken care of. There's a CVE and patch response from VMware.
Never mind!