CVE-2017-5637
high-risk
Published 2017-10-10
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Do I need to act?
!
17.4% chance of exploitation in next 30 days
EPSS score — higher than 83% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (14)
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
Zookeeper
References (24)
Third Party Advisory
http://www.debian.org/security/2017/dsa-3871
Third Party Advisory
http://www.securityfocus.com/bid/98814
Issue Tracking
https://issues.apache.org/jira/browse/ZOOKEEPER-2693
Third Party Advisory
http://www.debian.org/security/2017/dsa-3871
Third Party Advisory
http://www.securityfocus.com/bid/98814
Issue Tracking
https://issues.apache.org/jira/browse/ZOOKEEPER-2693
and 4 more references
57
/ 100
high-risk
Severity
26/34 · High
Exploitability
13/34 · Low
Exposure
18/34 · Moderate