CVE-2017-5637

HIGH

Apache ZooKeeper 3.4.0-3.4.9 and 3.5.0-3.5.2 - Unauthenticated Denial of Service via wchp/wchc Commands


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5637. PoCs published by Brandon Dennis.

AI-analyzed exploit summary: This exploit targets Apache Zookeeper 3.5.2 by sending the 'wchp' and 'wchc' commands to port 2181, causing a denial of service due to high CPU usage. It uses multiple threads to amplify the effect.

Description

Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and could cause a spike in CPU utilization on an Apache ZooKeeper server if abused, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 suffers from this issue; it is fixed in 3.4.10, 3.5.3, and later.

Exploits (1)

exploitdb WORKING POC
by Brandon Dennis · python · dos · multiple
https://www.exploit-db.com/exploits/42294

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Apache Zookeeper 3.5.2
No auth needed
Prerequisites: Network access to Zookeeper port 2181
devstral-2 · analyzed Feb 16, 2026

References (12)

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98814
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3355
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3354
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2477
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3871
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://issues.apache.org/jira/browse/ZOOKEEPER-2693

Scores

CVSS v3 7.5
EPSS 0.1745
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE: CWE-306, CWE-400
Status: published
Products (17)
apache/zookeeper 3.4.0
apache/zookeeper 3.4.1
apache/zookeeper 3.4.2
apache/zookeeper 3.4.3
apache/zookeeper 3.4.4
apache/zookeeper 3.4.5
apache/zookeeper 3.4.6
apache/zookeeper 3.4.7
apache/zookeeper 3.4.8
apache/zookeeper 3.4.9
... and 7 more
Published Oct 10, 2017
Tracked Since Feb 18, 2026