10
CVE-2008-0457
- EPSS 11.86%
- Veröffentlicht 07.02.2008 21:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Symantec ≫ Backupexec System Recovery Version7.0
Symantec ≫ Backupexec System Recovery Version7.01
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.86% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/28787
http://seer.entsupport.symantec.com/docs/297171.htm
http://www.securityfocus.com/archive/1/487688/100/0/threaded
http://www.securityfocus.com/bid/27487
http://www.securitytracker.com/id?1019303
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
http://www.vupen.com/english/advisories/2008/0413
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
https://www.exploit-db.com/exploits/5078