cnvd - cnvd-2022-76232

CNVD-2022-76232

Vulnerability from cnvd - Published: 2022-11-11

Title

Apache UIMA路径遍历漏洞

Description

Apache UIMA是美国阿帕奇（Apache）基金会的一个组件化的软件架构。用于分析同终端用户相关联的大容量非结构化信息。 Apache UIMA 3.3.0及之前版本存在路径遍历漏洞，该漏洞源于相对路径遍历，攻击者可利用该漏洞使用精心设计的ZIP条目名称在指定目标目录之外创建文件。

Severity

高

Patch Name

Apache UIMA路径遍历漏洞的补丁

Patch Description

Apache UIMA是美国阿帕奇（Apache）基金会的一个组件化的软件架构。用于分析同终端用户相关联的大容量非结构化信息。 Apache UIMA 3.3.0及之前版本存在路径遍历漏洞，该漏洞源于相对路径遍历，攻击者可利用该漏洞使用精心设计的ZIP条目名称在指定目标目录之外创建文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-32287

Impacted products

Name
Apache unstructured information management architecture <=3.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-32287",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-32287"
    }
  },
  "description": "Apache UIMA\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u7ec4\u4ef6\u5316\u7684\u8f6f\u4ef6\u67b6\u6784\u3002\u7528\u4e8e\u5206\u6790\u540c\u7ec8\u7aef\u7528\u6237\u76f8\u5173\u8054\u7684\u5927\u5bb9\u91cf\u975e\u7ed3\u6784\u5316\u4fe1\u606f\u3002\n\nApache UIMA 3.3.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u76f8\u5bf9\u8def\u5f84\u904d\u5386\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u7cbe\u5fc3\u8bbe\u8ba1\u7684ZIP\u6761\u76ee\u540d\u79f0\u5728\u6307\u5b9a\u76ee\u6807\u76ee\u5f55\u4e4b\u5916\u521b\u5efa\u6587\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-76232",
  "openTime": "2022-11-11",
  "patchDescription": "Apache UIMA\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u7ec4\u4ef6\u5316\u7684\u8f6f\u4ef6\u67b6\u6784\u3002\u7528\u4e8e\u5206\u6790\u540c\u7ec8\u7aef\u7528\u6237\u76f8\u5173\u8054\u7684\u5927\u5bb9\u91cf\u975e\u7ed3\u6784\u5316\u4fe1\u606f\u3002\r\n\r\nApache UIMA 3.3.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u76f8\u5bf9\u8def\u5f84\u904d\u5386\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u7cbe\u5fc3\u8bbe\u8ba1\u7684ZIP\u6761\u76ee\u540d\u79f0\u5728\u6307\u5b9a\u76ee\u6807\u76ee\u5f55\u4e4b\u5916\u521b\u5efa\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache UIMA\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache unstructured information management architecture \u003c=3.3.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-32287",
  "serverity": "\u9ad8",
  "submitTime": "2022-11-05",
  "title": "Apache UIMA\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2022-32287 (GCVE-0-2022-32287)

Vulnerability from cvelistv5 – Published: 2022-11-03 00:00 – Updated: 2025-05-02 20:24

Summary

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.

Severity ?

No CVSS data available.

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/57vk0d79j94d0lk0v…
	http://www.openwall.com/lists/oss-security/2022/11/03/4	mailing-list

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache UIMA	Affected: Java SDK , ≤ 3.3.0 (custom)

Credits

Apache UIMA would like to thank Huangzhicong from CodeSafe Team of Legendsec at Qi'anxin Group

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:39:50.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd"
          },
          {
            "name": "[oss-security] 20221103 CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/03/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-32287",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T20:24:12.849015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T20:24:43.887Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache UIMA",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "Java SDK",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Apache UIMA would like to thank Huangzhicong from CodeSafe Team of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-03T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://lists.apache.org/thread/57vk0d79j94d0lk0vol8xn935yv1shdd"
        },
        {
          "name": "[oss-security] 20221103 CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/03/4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-32287",
    "datePublished": "2022-11-03T00:00:00.000Z",
    "dateReserved": "2022-06-03T00:00:00.000Z",
    "dateUpdated": "2025-05-02T20:24:43.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-76232

CVE-2022-32287 (GCVE-0-2022-32287)

Tags

Sightings

Nomenclature