Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability

Apache Zookeeper is prone to a denial-of-service vulnerability.

Attackers may leverage this issue to cause denial-of-service conditions.

Apache Zookeeper 3.4.0, 3.5.1, 3.5.2 are vulnerable.


Bugtraq ID: 98814
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-5637

Remote: Yes
Local: No
Published: Feb 07 2017 12:00AM
Updated: Oct 04 2017 10:01AM
Credit: Patrick Hunt
Vulnerable: Redhat JBoss Middleware Text-Only Advisories for MIDDLEWARE 0
Redhat JBoss Fuse 6.0
Redhat JBoss Data Virtualization 6.3
Redhat JBoss BRMS 6.0
Redhat JBoss BPMS 6.0
Redhat JBoss A-MQ 6.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache ZooKeeper 3.5.2
Apache ZooKeeper 3.5.1
Apache ZooKeeper 3.4

Not Vulnerable: Redhat JBoss Data Virtualization 6.3 Update 7
Apache ZooKeeper 3.6
Apache ZooKeeper 3.5.3
Apache ZooKeeper 3.4.10


The following proof-of-concept is available:

Related Posts