{
  "threat_severity" : "Moderate",
  "public_date" : "2017-02-07T00:00:00Z",
  "bugzilla" : {
    "description" : "zookeeper: Incorrect input validation with wchp/wchc four letter words",
    "id" : "1454808",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1454808"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.", "A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing \"wchp/wchc\" commands, leading to the server being unable to serve legitimate requests." ],
  "affected_release" : [ {
    "product_name" : "Red Hat JBoss BPMS 6.4",
    "release_date" : "2017-11-30T00:00:00Z",
    "advisory" : "RHSA-2017:3355",
    "cpe" : "cpe:/a:redhat:jboss_bpms:6.4",
    "package" : "zookeeper"
  }, {
    "product_name" : "Red Hat JBoss BRMS 6.4",
    "release_date" : "2017-11-30T00:00:00Z",
    "advisory" : "RHSA-2017:3354",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6.4",
    "package" : "zookeeper"
  }, {
    "product_name" : "Red Hat JBoss Data Virtualization 6.3",
    "release_date" : "2017-08-15T00:00:00Z",
    "advisory" : "RHSA-2017:2477",
    "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6.3",
    "package" : "zookeeper"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat JBoss A-MQ 6",
    "fix_state" : "Will not fix",
    "package_name" : "zookeeper",
    "cpe" : "cpe:/a:redhat:jboss_amq:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Will not fix",
    "package_name" : "zookeeper",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 2",
    "fix_state" : "Under investigation",
    "package_name" : "zookeeper",
    "cpe" : "cpe:/a:redhat:openshift:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-5637\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5637" ],
  "name" : "CVE-2017-5637",
  "csaw" : false
}