Published: 07/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

Vulnerability Summary

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Affected Products

Vendor Product Versions
SymantecBackupexec System Recovery7.0, 7.01

EDB Exploits