CVE-2017-5637
Zookeeper 3.5.2 Client - Denial of Service
Public Exploits: 1
Exploited in Wild: -
Descriptions
Two four-letter-word commands, "wchp/wchc", are CPU intensive and could cause a spike in CPU utilization on an Apache ZooKeeper server if abused, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 suffers from this issue; it is fixed in 3.4.10, 3.5.3, and later.
Two four-letter-word commands, "wchp/wchc", consume a great deal of CPU and could drive CPU usage on the Apache ZooKeeper server to its maximum if abused, leaving the server unable to serve requests from legitimate clients. Apache ZooKeeper versions 3.4.9 through 3.5.2 have this problem, which was fixed in versions 3.4.10, 3.5.3 and later.
A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
SSVC
- Decision: -
Timeline
- 2017-01-29 CVE Reserved
- 2017-07-02 First Exploit
- 2017-08-15 CVE Published
- 2024-09-17 CVE Updated
- 2025-03-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
CWE
- CWE-20: Improper Input Validation
- CWE-306: Missing Authentication for Critical Function
- CWE-400: Uncontrolled Resource Consumption
References (15)
URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/42294 | 2017-07-02 |
http://www.debian.org/security/2017/dsa-3871 | 2023-11-07 |
https://access.redhat.com/errata/RHSA-2017:2477 | 2023-11-07 |
https://access.redhat.com/errata/RHSA-2017:3354 | 2023-11-07 |
https://access.redhat.com/errata/RHSA-2017:3355 | 2023-11-07 |
https://issues.apache.org/jira/browse/ZOOKEEPER-2693 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2017-5637 | 2017-11-30 |
https://bugzilla.redhat.com/show_bug.cgi?id=1454808 | 2017-11-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Zookeeper | 3.4.0 | - | Affected
Apache | Zookeeper | 3.4.1 | - | Affected
Apache | Zookeeper | 3.4.2 | - | Affected
Apache | Zookeeper | 3.4.3 | - | Affected
Apache | Zookeeper | 3.4.4 | - | Affected
Apache | Zookeeper | 3.4.5 | - | Affected
Apache | Zookeeper | 3.4.6 | - | Affected
Apache | Zookeeper | 3.4.7 | - | Affected
Apache | Zookeeper | 3.4.8 | - | Affected
Apache | Zookeeper | 3.4.9 | - | Affected
Apache | Zookeeper | 3.5.0 | - | Affected
Apache | Zookeeper | 3.5.1 | - | Affected
Apache | Zookeeper | 3.5.2 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected