7.5

CVE-2017-5637

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheZookeeper Version3.4.0
ApacheZookeeper Version3.4.1
ApacheZookeeper Version3.4.2
ApacheZookeeper Version3.4.3
ApacheZookeeper Version3.4.4
ApacheZookeeper Version3.4.5
ApacheZookeeper Version3.4.6
ApacheZookeeper Version3.4.7
ApacheZookeeper Version3.4.8
ApacheZookeeper Version3.4.9
ApacheZookeeper Version3.5.0
ApacheZookeeper Version3.5.1
ApacheZookeeper Version3.5.2
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.45% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://www.securityfocus.com/bid/98814
Third Party Advisory
VDB Entry
https://issues.apache.org/jira/browse/ZOOKEEPER-2693
Vendor Advisory
Issue Tracking
Mitigation