Vulnerability

CVE-2017-5637

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-306

References

https://vulners.com/exploitdb/EDB-ID:41277
https://github.com/apache/zookeeper/pull/183
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5637

[CVE-2017-5637] CWE-306: Missing Authentication for Critical Function

Description

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

See org.apache.zookeeper/zookeeper package information