7.5

CVE-2017-5637

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheZookeeper Version3.4.0
ApacheZookeeper Version3.4.1
ApacheZookeeper Version3.4.2
ApacheZookeeper Version3.4.3
ApacheZookeeper Version3.4.4
ApacheZookeeper Version3.4.5
ApacheZookeeper Version3.4.6
ApacheZookeeper Version3.4.7
ApacheZookeeper Version3.4.8
ApacheZookeeper Version3.4.9
ApacheZookeeper Version3.5.0
ApacheZookeeper Version3.5.1
ApacheZookeeper Version3.5.2
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 73.65% 0.994
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://access.redhat.com/errata/RHSA-2017:2477
http://www.debian.org/security/2017/dsa-3871
Third Party Advisory
http://www.securityfocus.com/bid/98814
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3354
https://access.redhat.com/errata/RHSA-2017:3355
https://issues.apache.org/jira/browse/ZOOKEEPER-2693
Vendor Advisory
Issue Tracking
Mitigation
https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E