CVE-2008-0457

Published: 07/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote malicious users to upload and execute arbitrary JSP files via unknown vectors.

Vulnerable Product

symantec backupexec system recovery 7.01

symantec backupexec system recovery 7.0

Exploits

<?xml version="1.0"?> <html xmlns="http://www.w3.org/1999/xhtml"> <head><title>File Upload POC</title></head> <body> <h2> Backup Exec System Recovery Manager 7.0<br>File Upload POC</h2> <form action="<TARGET>:8443/axis/FileUpload" method="post" enctype="multipa ...
source: www.securityfocus.com/bid/27487/info Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue resides in the Symantec LiveState Apache Tomcat server. Attackers can leverage it to execute arbitrary code with SYS ...