CVE-2008-0457

EUVD-2008-0467
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
symantecbackupexec_system_recovery
7.0
symantecbackupexec_system_recovery
7.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/28787
http://seer.entsupport.symantec.com/docs/297171.htm
http://www.securityfocus.com/archive/1/487688/100/0/threaded
http://www.securityfocus.com/bid/27487
http://www.securitytracker.com/id?1019303
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
http://www.vupen.com/english/advisories/2008/0413
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
https://www.exploit-db.com/exploits/5078
http://secunia.com/advisories/28787
http://seer.entsupport.symantec.com/docs/297171.htm
http://www.securityfocus.com/archive/1/487688/100/0/threaded
http://www.securityfocus.com/bid/27487
http://www.securitytracker.com/id?1019303
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
http://www.vupen.com/english/advisories/2008/0413
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
https://www.exploit-db.com/exploits/5078