10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.122 Low
EPSS
Percentile
95.4%
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
secunia.com/advisories/28787
seer.entsupport.symantec.com/docs/297171.htm
www.securityfocus.com/archive/1/487688/100/0/threaded
www.securityfocus.com/bid/27487
www.securitytracker.com/id?1019303
www.symantec.com/avcenter/security/Content/2008.02.04.html
www.vupen.com/english/advisories/2008/0413
www.zerodayinitiative.com/advisories/ZDI-08-003.html
www.exploit-db.com/exploits/5078