CVE-2017-5637

CVSS Severity: Low
Published: Oct 10, 2017
Last Modified: Apr 20, 2025

Vulnerability Description

Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, could cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected by this issue; it is fixed in 3.4.10, 3.5.3, and later.

Known Affected Software

14 configuration(s) from 2 vendor(s)

zookeeper, Version: 3.4.5, CPE: cpe:2.3:a:apache:zookeeper:3.4.5:-:*:*:*:*:*:*
zookeeper, Version: 3.4.2, CPE: cpe:2.3:a:apache:zookeeper:3.4.2:*:*:*:*:*:*:*
zookeeper, Version: 3.4.0, CPE: cpe:2.3:a:apache:zookeeper:3.4.0:*:*:*:*:*:*:*
zookeeper, Version: 3.4.6, CPE: cpe:2.3:a:apache:zookeeper:3.4.6:-:*:*:*:*:*:*
zookeeper, Version: 3.5.0, CPE: cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*
zookeeper, Version: 3.5.1, CPE: cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*
zookeeper, Version: 3.5.2, CPE: cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*
zookeeper, Version: 3.4.4, CPE: cpe:2.3:a:apache:zookeeper:3.4.4:-:*:*:*:*:*:*
zookeeper, Version: 3.4.8, CPE: cpe:2.3:a:apache:zookeeper:3.4.8:-:*:*:*:*:*:*
zookeeper, Version: 3.4.9, CPE: cpe:2.3:a:apache:zookeeper:3.4.9:-:*:*:*:*:*:*
zookeeper, Version: 3.4.1, CPE: cpe:2.3:a:apache:zookeeper:3.4.1:*:*:*:*:*:*:*
zookeeper, Version: 3.4.3, CPE: cpe:2.3:a:apache:zookeeper:3.4.3:*:*:*:*:*:*:*
zookeeper, Version: 3.4.7, CPE: cpe:2.3:a:apache:zookeeper:3.4.7:-:*:*:*:*:*:*
debian_linux, Version: 8.0, CPE: cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

This vulnerability affects 14 software configuration(s). Ensure you patch all affected systems.

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-306 Top 25 #16

Missing Authentication for Critical Function

Description: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A07:2021-Identification/Auth Failures
Abstraction Level: Base
