CVE-2017-5637 in Apache and Debian Products
Published on October 10, 2017

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2017-5637

stack.watch emails you whenever new vulnerabilities are published in Apache Zookeeper or Debian Linux. Just hit a watch button to start following.

Apache Zookeeper

Debian Linux

Affected Versions

Apache Software Foundation Apache ZooKeeper:

Version 3.4.0 to 3.4.9 is affected.
Version 3.5.0 to 3.5.2 is affected.

Exploit Probability

EPSS

17.45%

Percentile

94.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-5637 in Apache and Debian ProductsPublished on October 10, 2017

Products Associated with CVE-2017-5637

Affected Versions

Exploit Probability

CVE-2017-5637 in Apache and Debian Products
Published on October 10, 2017