Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
secunia.com/advisories/28787
seer.entsupport.symantec.com/docs/297171.htm
www.securityfocus.com/archive/1/487688/100/0/threaded
www.securityfocus.com/bid/27487
www.securitytracker.com/id?1019303
www.symantec.com/avcenter/security/Content/2008.02.04.html
www.vupen.com/english/advisories/2008/0413
www.zerodayinitiative.com/advisories/ZDI-08-003.html
www.exploit-db.com/exploits/5078