[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-5637":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":112,"aliases":127,"duplicate_of":9,"upstream":129,"downstream":130,"duplicates":143,"related":144,"reserved_at":9,"published_at":146,"modified_at":147,"state":148,"summary":149,"references_raw":157,"kevs":242,"epss":243,"epss_history":246,"metrics":491,"affected":503},"CVE-2017-5637","Two four letter word commands \"wchp/wchc\" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later.",null,[11,40],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","weakness","Draft","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-12","Choosing Message Identifier",[],{"id":25,"name":26,"techniques":27},"CAPEC-166","Force the System to Reset Values",[],{"id":29,"name":30,"techniques":31},"CAPEC-216","Communication Channel Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":37,"name":38,"techniques":39},"CAPEC-62","Cross Site Request Forgery",[],{"_key":41,"id":41,"name":42,"description":43,"type":15,"status":16,"abstraction":44,"likelihood_of_exploit":18,"capec":45},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","Class",[46,50,108],{"id":47,"name":48,"techniques":49},"CAPEC-147","XML Ping of the Death",[],{"id":51,"name":52,"techniques":53},"CAPEC-227","Sustained Client Engagement",[54],{"id":55,"name":56,"tactics":57,"countermeasures":61},"T1499","Endpoint Denial of Service",[58],{"id":59,"name":60},"TA0105","Impact",[62,67,71,75,79,83,87,91,95,99,104],{"id":63,"name":64,"tactic":65},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":66},"Detect",{"id":68,"name":69,"tactic":70},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":66},{"id":72,"name":73,"tactic":74},"D3-CSPP","Client-server Payload Profiling",{"name":66},{"id":76,"name":77,"tactic":78},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":66},{"id":80,"name":81,"tactic":82},"D3-NTSA","Network Traffic Signature Analysis",{"name":66},{"id":84,"name":85,"tactic":86},"D3-APCA","Application Protocol Command Analysis",{"name":66},{"id":88,"name":89,"tactic":90},"D3-NTCD","Network Traffic Community Deviation",{"name":66},{"id":92,"name":93,"tactic":94},"D3-RTSD","Remote Terminal Session Detection",{"name":66},{"id":96,"name":97,"tactic":98},"D3-ISVA","Inbound Session Volume Analysis",{"name":66},{"id":100,"name":101,"tactic":102},"D3-NTF","Network Traffic Filtering",{"name":103},"Isolate",{"id":105,"name":106,"tactic":107},"D3-ITF","Inbound Traffic Filtering",{"name":103},{"id":109,"name":110,"techniques":111},"CAPEC-492","Regular Expression Exponential Blowup",[],[113],{"_key":114,"name":115,"source":116,"url":117,"maturity":118,"reliability_score":119,"verified":120,"type":121,"platforms":122,"requires_auth":9,"exploitdb":124,"metasploit":9},"42294","Zookeeper 3.5.2 Client - Denial of Service","exploit-database","https://www.exploit-db.com/exploits/42294","poc",0.5,false,"dos",[123],"multiple",{"verified":120,"type":121,"platform":123,"file":125,"codes":126},"exploits/multiple/dos/42294.py",[7],[128],"GHSA-7cwj-j333-x7f7",[],[131,133,135,137,139,141],{"_key":132},"SUSE-SU-2020:1066-1",{"_key":134},"DLA-986-1",{"_key":136},"DSA-3871-1",{"_key":138},"UBUNTU-CVE-2017-5637",{"_key":140},"DEBIAN-CVE-2017-5637",{"_key":142},"USN-4789-1",[],[145],{"_key":132},"2017-10-10T01:00:00.000Z","2024-09-17T00:16:26.240Z","Modified",{"cisa_kev":120,"cisa_ransomware":120,"cisa_vendor":9,"epss_severity":150,"epss_score":151,"severity":152,"severity_score":153,"severity_version":154,"severity_source":155,"severity_vector":156,"severity_status":148},"medium",0.17446,"high",7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[158,165,174,180,184,188,193,197,201,205,210,217,221,226,230,234,238],{"url":159,"sources":160,"tags":162},"https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370%40%3Cdev.zookeeper.apache.org%3E",[161,155],"cve.org",[163,164],"Mailing List","X Refsource MLIST",{"url":166,"sources":167,"tags":169},"http://www.securityfocus.com/bid/98814",[161,155,168],"osv_maven",[170,171,172,173],"VDB Entry","X Refsource BID","Third Party Advisory","WEB",{"url":175,"sources":176,"tags":177},"https://access.redhat.com/errata/RHSA-2017:3355",[161,155,168],[178,179,173],"Vendor Advisory","X Refsource REDHAT",{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2017:3354",[161,155,168],[178,179,173],{"url":185,"sources":186,"tags":187},"https://access.redhat.com/errata/RHSA-2017:2477",[161,155,168],[178,179,173],{"url":189,"sources":190,"tags":191},"http://www.debian.org/security/2017/dsa-3871",[161,155,168],[178,192,172,173],"X Refsource DEBIAN",{"url":194,"sources":195,"tags":196},"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E",[161,155],[163,164],{"url":198,"sources":199,"tags":200},"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E",[161,155],[163,164],{"url":202,"sources":203,"tags":204},"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E",[161,155],[163,164],{"url":206,"sources":207,"tags":208},"https://www.oracle.com/security-alerts/cpujul2020.html",[161,155,168],[209,173],"X Refsource MISC",{"url":211,"sources":212,"tags":213},"https://issues.apache.org/jira/browse/ZOOKEEPER-2693",[161,155,168],[214,215,216,178,173],"X Refsource CONFIRM","Issue Tracking","Mitigation",{"url":218,"sources":219,"tags":220},"https://www.oracle.com//security-alerts/cpujul2021.html",[161,155,168],[209,173],{"url":222,"sources":223,"tags":224},"https://nvd.nist.gov/vuln/detail/CVE-2017-5637",[168],[225],"Advisory",{"url":227,"sources":228,"tags":229},"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E",[168],[173],{"url":231,"sources":232,"tags":233},"https://lists.apache.org/thread.html/58170aeb7a681d462b7fa31cae81110cbb749d2dc83c5736a0bb8370@%3Cdev.zookeeper.apache.org%3E",[168],[173],{"url":235,"sources":236,"tags":237},"https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E",[168],[173],{"url":239,"sources":240,"tags":241},"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E",[168],[173],[],{"date":244,"score":151,"percentile":245},"2026-06-04",0.95196,[247,251,254,257,260,263,265,268,270,272,274,277,279,282,285,289,291,294,297,300,303,305,308,311,314,317,320,322,325,327,330,332,335,338,341,344,347,350,353,356,358,361,364,367,370,373,376,379,381,383,385,388,391,393,396,399,401,403,406,409,412,415,418,421,423,425,428,430,432,434,436,438,440,443,446,449,451,453,455,458,461,464,467,470,473,476,479,482,485,488],{"date":248,"score":249,"percentile":250},"2025-11-04",0.16885,0.9468,{"date":252,"score":249,"percentile":253},"2025-11-05",0.94678,{"date":255,"score":249,"percentile":256},"2025-11-06",0.94679,{"date":258,"score":249,"percentile":259},"2025-11-07",0.94681,{"date":261,"score":249,"percentile":262},"2025-11-08",0.94677,{"date":264,"score":249,"percentile":262},"2025-11-09",{"date":266,"score":249,"percentile":267},"2025-11-10",0.94676,{"date":269,"score":249,"percentile":262},"2025-11-11",{"date":271,"score":249,"percentile":250},"2025-11-12",{"date":273,"score":249,"percentile":259},"2025-11-13",{"date":275,"score":249,"percentile":276},"2025-11-14",0.94683,{"date":278,"score":249,"percentile":253},"2025-11-15",{"date":280,"score":249,"percentile":281},"2025-11-16",0.94682,{"date":283,"score":151,"percentile":284},"2025-11-17",0.94792,{"date":286,"score":287,"percentile":288},"2025-11-18",0.42957,0.97333,{"date":290,"score":287,"percentile":288},"2025-11-19",{"date":292,"score":287,"percentile":293},"2025-11-20",0.97335,{"date":295,"score":151,"percentile":296},"2025-11-21",0.94797,{"date":298,"score":151,"percentile":299},"2025-11-22",0.94795,{"date":301,"score":151,"percentile":302},"2025-11-23",0.94796,{"date":304,"score":151,"percentile":296},"2025-11-24",{"date":306,"score":151,"percentile":307},"2025-11-25",0.948,{"date":309,"score":151,"percentile":310},"2025-11-26",0.94802,{"date":312,"score":151,"percentile":313},"2025-11-27",0.94804,{"date":315,"score":151,"percentile":316},"2025-11-28",0.94801,{"date":318,"score":151,"percentile":319},"2025-11-29",0.94805,{"date":321,"score":151,"percentile":313},"2025-11-30",{"date":323,"score":151,"percentile":324},"2025-12-01",0.9485,{"date":326,"score":151,"percentile":324},"2025-12-02",{"date":328,"score":151,"percentile":329},"2025-12-03",0.94851,{"date":331,"score":151,"percentile":319},"2025-12-04",{"date":333,"score":151,"percentile":334},"2025-12-05",0.94808,{"date":336,"score":151,"percentile":337},"2025-12-06",0.9481,{"date":339,"score":151,"percentile":340},"2025-12-07",0.94816,{"date":342,"score":151,"percentile":343},"2025-12-08",0.94815,{"date":345,"score":151,"percentile":346},"2025-12-09",0.9482,{"date":348,"score":151,"percentile":349},"2025-12-10",0.94827,{"date":351,"score":151,"percentile":352},"2025-12-11",0.9483,{"date":354,"score":151,"percentile":355},"2025-12-12",0.94833,{"date":357,"score":151,"percentile":355},"2025-12-13",{"date":359,"score":151,"percentile":360},"2025-12-14",0.94832,{"date":362,"score":151,"percentile":363},"2025-12-15",0.94835,{"date":365,"score":151,"percentile":366},"2025-12-16",0.94837,{"date":368,"score":151,"percentile":369},"2025-12-17",0.9484,{"date":371,"score":151,"percentile":372},"2025-12-18",0.94841,{"date":374,"score":151,"percentile":375},"2025-12-19",0.94842,{"date":377,"score":151,"percentile":378},"2025-12-20",0.94844,{"date":380,"score":151,"percentile":378},"2025-12-21",{"date":382,"score":151,"percentile":375},"2025-12-22",{"date":384,"score":151,"percentile":375},"2025-12-23",{"date":386,"score":151,"percentile":387},"2025-12-24",0.94847,{"date":389,"score":151,"percentile":390},"2025-12-25",0.94853,{"date":392,"score":151,"percentile":390},"2025-12-26",{"date":394,"score":151,"percentile":395},"2025-12-27",0.9488,{"date":397,"score":151,"percentile":398},"2025-12-28",0.94849,{"date":400,"score":151,"percentile":398},"2025-12-29",{"date":402,"score":151,"percentile":324},"2025-12-30",{"date":404,"score":151,"percentile":405},"2025-12-31",0.94854,{"date":407,"score":151,"percentile":408},"2026-01-01",0.94895,{"date":410,"score":151,"percentile":411},"2026-01-02",0.9489,{"date":413,"score":151,"percentile":414},"2026-01-03",0.94887,{"date":416,"score":151,"percentile":417},"2026-01-04",0.94848,{"date":419,"score":151,"percentile":420},"2026-01-05",0.94846,{"date":422,"score":151,"percentile":420},"2026-01-06",{"date":424,"score":151,"percentile":387},"2026-01-07",{"date":426,"score":151,"percentile":427},"2026-01-08",0.94852,{"date":429,"score":151,"percentile":390},"2026-01-09",{"date":431,"score":151,"percentile":427},"2026-01-10",{"date":433,"score":151,"percentile":329},"2026-01-11",{"date":435,"score":151,"percentile":329},"2026-01-12",{"date":437,"score":151,"percentile":398},"2026-01-13",{"date":439,"score":151,"percentile":405},"2026-01-14",{"date":441,"score":151,"percentile":442},"2026-01-15",0.94855,{"date":444,"score":151,"percentile":445},"2026-01-16",0.94858,{"date":447,"score":151,"percentile":448},"2026-01-17",0.94859,{"date":450,"score":151,"percentile":445},"2026-01-18",{"date":452,"score":151,"percentile":442},"2026-01-19",{"date":454,"score":151,"percentile":448},"2026-01-20",{"date":456,"score":151,"percentile":457},"2026-01-21",0.94861,{"date":459,"score":151,"percentile":460},"2026-01-22",0.94863,{"date":462,"score":151,"percentile":463},"2026-01-23",0.94868,{"date":465,"score":151,"percentile":466},"2026-01-24",0.94873,{"date":468,"score":151,"percentile":469},"2026-01-25",0.94875,{"date":471,"score":151,"percentile":472},"2026-01-26",0.94877,{"date":474,"score":151,"percentile":475},"2026-01-27",0.94876,{"date":477,"score":151,"percentile":478},"2026-01-28",0.94879,{"date":480,"score":151,"percentile":481},"2026-01-29",0.94881,{"date":483,"score":151,"percentile":484},"2026-01-30",0.94882,{"date":486,"score":151,"percentile":487},"2026-01-31",0.94884,{"date":489,"score":151,"percentile":490},"2026-02-01",0.94918,[492,501],{"source":155,"cvss_v2_0":493,"cvss_v3_0":498,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":494,"baseSeverity":9,"vectorString":495,"impactScore":496,"exploitabilityScore":497},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":153,"baseSeverity":499,"vectorString":156,"impactScore":500,"exploitabilityScore":497},"HIGH",6,{"source":168,"cvss_v2_0":9,"cvss_v3_0":502,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":153,"baseSeverity":9,"vectorString":156,"impactScore":500,"exploitabilityScore":497},[504,515,546,554],{"ecosystem":9,"name":505,"vendor":506,"product":507,"cpe_part":508,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":509},"Apache ZooKeeper","apache software foundation","apache zookeeper","a",[510,513],{"version":511,"is_range":120,"range_type":161,"version_start":511,"version_start_type":512,"version_end":511,"version_end_type":512,"fixed_in":9},"3.4.0 to 3.4.9","including",{"version":514,"is_range":120,"range_type":161,"version_start":514,"version_start_type":512,"version_end":514,"version_end_type":512,"fixed_in":9},"3.5.0 to 3.5.2",{"ecosystem":9,"name":516,"vendor":517,"product":516,"cpe_part":508,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":518},"zookeeper","apache",[519,522,524,526,528,530,532,534,536,538,540,542,544],{"version":520,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.0","cpe",{"version":523,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.1",{"version":525,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.2",{"version":527,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.3",{"version":529,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.4",{"version":531,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.5",{"version":533,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.6",{"version":535,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.7",{"version":537,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.8",{"version":539,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.4.9",{"version":541,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.5.0",{"version":543,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.5.1",{"version":545,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.5.2",{"ecosystem":9,"name":547,"vendor":548,"product":549,"cpe_part":550,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":551},"debian linux","debian","debian_linux","o",[552],{"version":553,"is_range":120,"range_type":521,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":555,"name":556,"vendor":557,"product":516,"cpe_part":9,"purl_type":558,"purl_namespace":557,"purl_name":516,"source":9,"versions":559},"Maven","org.apache.zookeeper:zookeeper","org.apache.zookeeper","maven",[560,566],{"version":561,"is_range":562,"range_type":563,"version_start":520,"version_start_type":512,"version_end":564,"version_end_type":565,"fixed_in":9},"gte3_4_0_lt3_4_10",true,"ecosystem","3.4.10","excluding",{"version":567,"is_range":562,"range_type":563,"version_start":541,"version_start_type":512,"version_end":568,"version_end_type":565,"fixed_in":9},"gte3_5_0_lt3_5_3","3.5.3"]