{"status":"success","advisory":{"_id":"683547245b16347a91c39d73","kb_acknowledgements":null,"kb_affected_list":["NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","OnCommand System Manager 3.x ","Snap Creator Framework","Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above"],"kb_bad_data":false,"kb_cve":["CVE-2011-4461"],"kb_exploitation":"Public","kb_fixes":[{"product":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sra_cmode/9.6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/vasa_cdot/9.6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand System Manager 3.x ","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2865102.html"},{"product":"Snap Creator Framework","fixes":[{"link":"https://mysupport.netapp.com/products/snapcreator/4.3.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability which when successfully exploited could lead to Denial of Service (DoS).","kb_internal_notes":[{"burt":"1217808","jira":"","product":"7-Mode Transition Tool"},{"burt":"1217819","jira":"","product":"Active IQ Unified Manager for Linux"},{"burt":"1217821","jira":"","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"1217820","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1217810","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware vCenter)"},{"burt":"1217813","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1217811","jira":"","product":"E-Series SANtricity Unified Manager and Web Services Proxy"},{"burt":"","jira":"","product":"Element Plug-in for vCenter Server"},{"burt":"1217815","jira":"","product":"NetApp BlueXP"},{"burt":"","jira":"","product":"NetApp HCI Storage Nodes"},{"burt":"1217814","jira":"","product":"NetApp NFS Plug-in for VMware VAAI"},{"burt":"1217812","jira":"","product":"NetApp SANtricity Cloud Connector"},{"burt":"","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1217234","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"","jira":"ICI-5973","product":"OnCommand Insight"},{"burt":"1217816","jira":"","product":"OnCommand System Manager 3.x "},{"burt":"1217818","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1217824","jira":"","product":"Snap Creator Framework"},{"burt":"1217823","jira":"","product":"SnapCenter"},{"burt":"1217825","jira":"","product":"SnapManager for Oracle"},{"burt":"1217826","jira":"","product":"SnapManager for SAP"},{"burt":"1217233","jira":"","product":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above"},{"burt":"1217827","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1217817","jira":"","product":"System Manager 9.x"},{"burt":"1217235","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"},{"burt":"1217822","jira":"","product":"fOnCommand Workflow Automation"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190307","version":"1.0"},{"comment":"Snap Creator Framework added to Software Versions and Fixes","date":"20190412","version":"2.0"},{"comment":"E-Series SANtricity Management Plug-ins (VMware vCenter) moved to Products Not Affected","date":"20190426","version":"3.0"},{"comment":"NetApp NFS Plug-in for VMware VAAI moved to Products Not Affected","date":"20190628","version":"4.0"},{"comment":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 7.2 and above, NetApp VASA Provider for Clustered Data ONTAP 7.2 and above added to Software Versions and Fixes","date":"20190821","version":"5.0"},{"comment":"Storage Services Connector moved to Affected Products","date":"20200327","version":"6.0"},{"comment":"OnCommand Cloud Manager moved to Products Not Affected","date":"20201211","version":"7.0"},{"comment":"OnCommand System Manager 3.x moved to Won't Fix status, Final status","date":"20210104","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2011-4461":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},"kb_scoring_calc":[{"cve_id":"CVE-2011-4461","range":"MEDIUM","score":5.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the Eclipse Jetty server. Eclipse Jetty versions through 8.1.0.RC2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS).","kb_title":"CVE-2011-4461 Eclipse Jetty Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","E-Series SANtricity Management Plug-ins (VMware vCenter)","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Unified Manager and Web Services Proxy","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800/C800/A150","FAS/AFF Service Processor - 8080/8060/8040/8020","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Nodes","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SANtricity Cloud Connector","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Unified Manager Core Package","Single Mailbox Recovery","SnapCenter","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x","Virtual Storage Console for VMware vSphere 9.7 and above","fOnCommand Workflow Automation"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190307-0004","adv_id":"ntap-20190307-0004","published_date":"2019-03-07T00:00:00","updated_date":"2021-01-04T00:00:00","inserted_date":"2025-05-27T05:01:24.488000","modified_date":null}}