VMware VMSA-2011-0014
Nov 17, 2011 - 12:00 a.m.

VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability

2011-11-17 00:00:00
www.vmware.com

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.966 High
Percentile: 99.6%

a. Directory traversal in third party Jetty Web server component

VMware vSphere Update Manager is an automated patch management solution for VMware ESX hosts and Microsoft virtual machines. Update Manager embeds the Jetty Web server, which is a third party component. The way the Jetty Web server in vSphere Update Manager is configured allows for directory traversal. This issue is a variant of the directory traversal issue that was addressed in earlier versions of vSphere Update Manager. See VMSA-2010-0012 for additional information.

VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-4404 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
