CVE-2017-5637
HIGH
Apache Zookeeper < 3.4.10 - Missing Authentication
Title source: ruleDescription
Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 is affected; the issue is fixed in 3.4.10, 3.5.3, and later.
Exploits (1)
exploitdb
WORKING POC
by Brandon Dennis · python · dos · multiple
https://www.exploit-db.com/exploits/42294
References (12)
Scores
CVSS v3
7.5
EPSS
0.1745
EPSS Percentile
95.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-306
CWE-400
Status
published
Products (17)
apache/zookeeper 3.4.0
apache/zookeeper 3.4.1
apache/zookeeper 3.4.2
apache/zookeeper 3.4.3
apache/zookeeper 3.4.4
apache/zookeeper 3.4.5
apache/zookeeper 3.4.6
apache/zookeeper 3.4.7
apache/zookeeper 3.4.8
apache/zookeeper 3.4.9
... and 7 more
Published
Oct 10, 2017
Tracked Since
Feb 18, 2026