Описание
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | zookeeper | Will not fix | ||
| Red Hat JBoss Fuse 6 | zookeeper | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | zookeeper | Under investigation | ||
| Red Hat JBoss BPMS 6.4 | zookeeper | Fixed | RHSA-2017:3355 | 30.11.2017 |
| Red Hat JBoss BRMS 6.4 | zookeeper | Fixed | RHSA-2017:3354 | 30.11.2017 |
| Red Hat JBoss Data Virtualization 6.3 | zookeeper | Fixed | RHSA-2017:2477 | 15.08.2017 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.
Two four letter word commands "wchp/wchc" are CPU intensive and could ...
Uncontrolled Resource Consumption in Apache ZooKeeper
Уязвимость реализации команды wchp/wchc централизованной службы для поддержки информации о конфигурации, именования, обеспечения распределенной синхронизации и предоставления групповых служб Apache ZooKeeper, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю, действующему удалённо, вызвать отказ в обслуживании
7.5 High
CVSS3