CVE-2008-0457

2008-02-0721:00:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-0457

file upload vulnerability

symantec

apache tomcat

remote attack

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.122 Low

EPSS

Percentile

95.4%

JSON

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Affected configurations

NVD

Node

symantecbackupexec_system_recoveryMatch7.0

symantecbackupexec_system_recoveryMatch7.01

CPENameOperatorVersion
symantec:backupexec_system_recoverysymantec backupexec system recoveryeq7.0
symantec:backupexec_system_recoverysymantec backupexec system recoveryeq7.01

CPE	Name	Operator	Version
symantec:backupexec_system_recovery	symantec backupexec system recovery	eq	7.0
symantec:backupexec_system_recovery	symantec backupexec system recovery	eq	7.01