CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-8012
https://notcve.org/view.php?id=CVE-2018-8012
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. No se aplica autenticación/autorización cuando un servidor intenta unirse a un quorum en Apache ZooKeeper en versiones anteriores a la 3.4.10 y 3.5.0-alpha hasta 3.5.3-beta. Como resultado, un endpoint arbitrario podría unirse al clúster y comenzar a propagar cambios falsos al líder. • http://www.securityfocus.com/bid/104253 http://www.securitytracker.com/id/1040948 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabb • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 4%CPEs: 14EXPL: 1CVE-2017-5637 – Zookeeper 3.5.2 Client - Denial of Service
https://notcve.org/view.php?id=CVE-2017-5637
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. Dos comandos con palabras de cuatro letras "wchp/wchc" provocan un gran consumo de CPU y podrían dar lugar a que se alcance el máximo uso de CPU en el servidor Apache ZooKeeper si se abusa de ellos, lo que da lugar a que el servidor quede deshabilitado para servir a peticiones de clientes legítimos. Las versiones de la 3.4.9 a la 3.5.2 de Apache ZooKeeper tienen este problema, que fue solucionado en las versiones 3.4.10, 3.5.3 y posteriores. A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests. • https://www.exploit-db.com/exploits/42294 http://www.debian.org/security/2017/dsa-3871 http://www.securityfocus.com/bid/98814 https://access.redhat.com/errata/RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:3354 https://access.redhat.com/errata/RHSA-2017:3355 https://issues.apache.org/jira/browse/ZOOKEEPER-2693 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/58170aeb7a681 • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 1CVE-2016-5017
https://notcve.org/view.php?id=CVE-2016-5017
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string. Desbordamiento de búfer en el shell C cli en Apache Zookeeper en versiones anteriores a 3.4.9 y 3.5.x en versiones anteriores a 3.5.3, cuando se utiliza la sintaxis por lotes "cmd:", permite a atacantes tener impacto no especificado a través de una cadena de comandos larga. • http://packetstormsecurity.com/files/138755/ZooKeeper-3.4.8-3.5.2-Buffer-Overflow.html http://www.openwall.com/lists/oss-security/2016/09/17/3 http://www.securityfocus.com/bid/93044 https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f https://git-wip-us.apache.org/repos/asf?p=zookeeper.git%3Ba=commitdiff%3Bh=f09154d6648eeb4ec5e1ac8a2bacbd2f8c87c14a https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •