CVE-2008-0457

Symantec Backup Exec Remote File Upload Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Una vulnerabilidad de carga de archivos sin restricciones en la clase FileUpload que se ejecuta en el servidor Symantec LiveState Apache Tomcat, tal y como es usado por Symantec Backup Exec System Recovery Manager versiones 7.0 y 7.0.1, permite a los atacantes remotos cargar y ejecutar archivos JSP arbitrarios por medio de vectores de ataque desconocidos.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the FileUpload class running on the Symantec LiveState Apache Tomcat server. The server is found on TCP ports 8080 and 8443. A malicious HTTP POST request can upload a JSP script to the publicly accessible web directories allowing for arbitrary code execution.

*Credits: Titon of BastardLabs

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-01-05 First Exploit
2008-01-24 CVE Reserved
2008-02-06 CVE Published
2024-08-07 CVE Updated
2024-11-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/archive/1/487688/100/0/threaded	Mailing List
http://www.securitytracker.com/id?1019303	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/5078	2024-08-07
https://www.exploit-db.com/exploits/31072	2007-01-05
http://www.securityfocus.com/bid/27487	2024-08-07

URL	Date	SRC
http://seer.entsupport.symantec.com/docs/297171.htm	2018-10-15
http://www.symantec.com/avcenter/security/Content/2008.02.04.html	2018-10-15

URL	Date	SRC
http://secunia.com/advisories/28787	2018-10-15
http://www.vupen.com/english/advisories/2008/0413	2018-10-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Backupexec System Recovery Search vendor "Symantec" for product "Backupexec System Recovery"				7.0 Search vendor "Symantec" for product "Backupexec System Recovery" and version "7.0"		-		Affected
Symantec Search vendor "Symantec"		Backupexec System Recovery Search vendor "Symantec" for product "Backupexec System Recovery"				7.01 Search vendor "Symantec" for product "Backupexec System Recovery" and version "7.01"		-		Affected