← volver
CVE-2017-5637

CVE-2017-5637

EPSS 73.7%
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Productos afectados
Apache Software Foundation · Apache ZooKeeper
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/42294no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2017:2477https://access.redhat.com/errata/RHSA-2017:3354https://access.redhat.com/errata/RHSA-2017:3355https://issues.apache.org/jira/browse/ZOOKEEPER-2693https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Ehttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Ehttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttp://www.debian.org/security/2017/dsa-3871http://www.securityfocus.com/bid/98814