CVE-2017-5637
Zookeeper 3.5.2 Client - Denial of Service
Public Exploits: 1
Exploited in Wild: -
Descriptions
Two four-letter-word commands, "wchp/wchc", are CPU intensive and could cause a spike of CPU utilization on an Apache ZooKeeper server if abused, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 suffers from this issue, which is fixed in 3.4.10, 3.5.3, and later.
Two four-letter-word commands, "wchp/wchc", consume a large amount of CPU and could drive CPU usage to its maximum on the Apache ZooKeeper server if abused, leaving the server unable to serve requests from legitimate clients. Apache ZooKeeper versions 3.4.9 through 3.5.2 have this problem, which was fixed in versions 3.4.10, 3.5.3 and later.
A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.
SSVC
- Decision: -
Timeline
- 2017-01-29 CVE Reserved
- 2017-07-02 First Exploit
- 2017-08-15 CVE Published
- 2023-11-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-306: Missing Authentication for Critical Function
- CWE-400: Uncontrolled Resource Consumption
References (15)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42294 | 2017-07-02 | |
http://www.debian.org/security/2017/dsa-3871 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:2477 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3354 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3355 | 2023-11-07 | |
https://issues.apache.org/jira/browse/ZOOKEEPER-2693 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-5637 | 2017-11-30 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1454808 | 2017-11-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Zookeeper | 3.4.0 | - | Affected |
Apache | Zookeeper | 3.4.1 | - | Affected |
Apache | Zookeeper | 3.4.2 | - | Affected |
Apache | Zookeeper | 3.4.3 | - | Affected |
Apache | Zookeeper | 3.4.4 | - | Affected |
Apache | Zookeeper | 3.4.5 | - | Affected |
Apache | Zookeeper | 3.4.6 | - | Affected |
Apache | Zookeeper | 3.4.7 | - | Affected |
Apache | Zookeeper | 3.4.8 | - | Affected |
Apache | Zookeeper | 3.4.9 | - | Affected |
Apache | Zookeeper | 3.5.0 | - | Affected |
Apache | Zookeeper | 3.5.1 | - | Affected |
Apache | Zookeeper | 3.5.2 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |