Apache ZooKeeper is prone to a denial-of-service vulnerability.
Attackers may leverage this issue to cause denial-of-service conditions.
Apache ZooKeeper 3.4.0, 3.5.1, and 3.5.2 are vulnerable.
Information
Red Hat JBoss Fuse 6.0
Red Hat JBoss Data Virtualization 6.3
Red Hat JBoss BRMS 6.0
Red Hat JBoss BPMS 6.0
Red Hat JBoss A-MQ 6.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache ZooKeeper 3.5.2
Apache ZooKeeper 3.5.1
Apache ZooKeeper 3.4
Apache ZooKeeper 3.6
Apache ZooKeeper 3.5.3
Apache ZooKeeper 3.4.10
Exploit
The following proof-of-concept is available:
References:
- Apache ZooKeeper Homepage (Apache)
- CVE-2017-5637 (Red Hat Bugzilla)
- Zookeeper 3.5.2 - Denial of Service (Zookeeper)
- zookeeper: Incorrect input validation with wchp/wchc four letter words (Red Hat)
- DOS attack on wchp/wchc four letter words (4lw) (Apache)
- RHSA-2017:2477 - Security Advisory (Red Hat)