vCenter Server 5.0/5.1 Update – CVE-2014-6593 (SKIP-TLS)

vcenter-server-logoVMware has published an update for vCenter Server 5.0 and 5.1 where CVE-2014-6593 (SKIP-TLS) has been fixed.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. A man-in-the-middle attacker could possibly use this flaw to force a connection to be established without encryption being enabled. The update has been already fixed in newer versions of vCenter Server (6.0a, 5.5 Update 2e). More information are available in VMSA-2015-0003.

Product: VMware vCenter Server 5.0
Release date: April 30, 2015
Version: 5.0 Update 3d
Build (Windows): 2656067
Build (Installer): 2692807
Build (Appliance): 2656066
Release Notes | Download

Product: VMware vCenter Server 5.1
Release date: April 30, 2015
Version: 5.1 Update 3a
Build (Windows): 2669725
Build (Installer): 2670344
Build (Appliance): 2670345
Release Notes | Download

If you want to get notified when new patches are released, subscribe to my blog via Email in the sidebar.

Updated: vCenter Release and Build Number History
Updated: VMware Product Latest Version

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>