Vulnerability Details CVE-2008-0457
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.298
EPSS Ranking 96.4%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/28787
- http://seer.entsupport.symantec.com/docs/297171.htm
- http://www.securityfocus.com/archive/1/487688/100/0/threaded
- http://www.securityfocus.com/bid/27487
- http://www.securitytracker.com/id?1019303
- http://www.symantec.com/avcenter/security/Content/2008.02.04.html
- http://www.vupen.com/english/advisories/2008/0413
- http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
- https://www.exploit-db.com/exploits/5078
- http://secunia.com/advisories/28787
- http://seer.entsupport.symantec.com/docs/297171.htm
- http://www.securityfocus.com/archive/1/487688/100/0/threaded
- http://www.securityfocus.com/bid/27487
- http://www.securitytracker.com/id?1019303
- http://www.symantec.com/avcenter/security/Content/2008.02.04.html
- http://www.vupen.com/english/advisories/2008/0413
- http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
- https://www.exploit-db.com/exploits/5078
Products affected by CVE-2008-0457
-
cpe:2.3:a:symantec:backupexec_system_recovery:7.0
-
cpe:2.3:a:symantec:backupexec_system_recovery:7.01