Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache UIMA DUCC: DUCC (EOL) allows RCE
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Apache UIMA DUCC 命令注入漏洞
Vulnerability Description
Apache UIMA DUCC是美国阿帕奇(Apache)基金会的一套集群管理系统。该系统提供工具,管理和调度工具。 Apache UIMA DUCC存在命令注入漏洞,该漏洞源于使用DUCC模块时。攻击者利用该漏洞作为运行 Web 进程的系统用户导致命令执行。
CVSS Information
N/A
Vulnerability Type
N/A