Vulnerability Description
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Backupexec System Recovery | 7.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28787Vendor Advisory
- http://seer.entsupport.symantec.com/docs/297171.htmPatch
- http://www.securityfocus.com/archive/1/487688/100/0/threaded
- http://www.securityfocus.com/bid/27487Exploit
- http://www.securitytracker.com/id?1019303
- http://www.symantec.com/avcenter/security/Content/2008.02.04.htmlPatch
- http://www.vupen.com/english/advisories/2008/0413Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
- https://www.exploit-db.com/exploits/5078
- http://secunia.com/advisories/28787Vendor Advisory
- http://seer.entsupport.symantec.com/docs/297171.htmPatch
- http://www.securityfocus.com/archive/1/487688/100/0/threaded
- http://www.securityfocus.com/bid/27487Exploit
- http://www.securitytracker.com/id?1019303
- http://www.symantec.com/avcenter/security/Content/2008.02.04.htmlPatch
FAQ
What is CVE-2008-0457?
CVE-2008-0457 is a vulnerability with a CVSS score of 10.0 (HIGH). Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows rem...
How severe is CVE-2008-0457?
CVE-2008-0457 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0457?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Backupexec System Recovery.