zookeeper-user mailing list archives

From Patrick Hunt <ph...@apache.org>
Subject ZooKeeper DOS exploit published
Date Tue, 14 Feb 2017 03:37:06 GMT
Hi folks. The following exploit was recently published on the web and has
come to our attention; it details a ZooKeeper DOS attack against certain
four letter words (4lw), possible when the client port is exposed to
untrusted actors:


Typically we address security issues on the security@ private mailing list,
publishing a fixed release before publicly releasing the exploit; however,
in this case, given the information is publicly available already, we decided
there's little point to keeping it on security@ exclusively.

A JIRA has been created to track this issue:
we expect to include a patch to address in 3.4.10 and 3.5.3.

