Download
| Alert*
|
oval:org.secpod.oval:def:603940
Harrison Neil discovered that the getACL command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure. oval:org.secpod.oval:def:55510 Harrison Neil discovered that the getACL command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure. oval:org.secpod.oval:def:1900099 No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. oval:org.secpod.oval:def:53339 It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum. This update backports authentication support. Additional configuration steps are needed, please see https://cwiki.apache. ... oval:org.secpod.oval:def:1900804 Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5. ... |
