CVE-2008-0457
published 2008-02-07


Priority: P2 (64)
Severity: critical, CVSS 2.0 base score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: available
EPSS: 11.86% (95.6th percentile)
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Affected (2 ranges)

Vendor     Product                       Version range   Fixed in
symantec   backupexec_system_recovery
symantec   backupexec_system_recovery

Detection & IOCs (extracted from sources)

URL: :8443/axis/FileUpload
Port: 8443
Path: /axis/FileUpload
  • Monitor for unauthenticated multipart/form-data POST requests to the /axis/FileUpload endpoint on port 8443 of the Symantec LiveState Apache Tomcat server.
  • Alert on JSP files being written to the web server filesystem via the FileUpload class, as exploitation results in remote code execution with SYSTEM-level privileges.
  • Detect arbitrary file uploads to any server path via the FileUpload endpoint; the 'Remote Path' parameter allows the attacker to specify the destination directory.
  • The exploit targets Symantec Backup Exec System Recovery Manager versions 7.0 and 7.0.1 specifically; the vulnerable endpoint is the FileUpload class on the bundled Symantec LiveState Apache Tomcat server.
  • The vulnerability is unauthenticated: no credentials are required to reach the /axis/FileUpload endpoint.