Download
| Alert*
oval:org.secpod.oval:def:1900804
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5. ... oval:org.secpod.oval:def:602915 It was discovered that Zookeeper, a service for maintaining configuration information, didn"t restrict access to the computationally expensive wchp/wchc commands which could result in denial of service by elevated CPU consumption. This update disables those two commands by default. The new configura ... |