Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0457

Severity: 10.0 CRITICAL
EPSS: 29.8% (top 3.37%)
CISA KEV: Not in KEV
Exploit: PoC available (Public exploit / PoC exists)
Timeline
Published: Feb 7
Latest update: May 1

Description

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

Patches

🔴Vulnerability Details

2
GHSA: GHSA-8wh6-mr76-hmrp: Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec (2022-05-01)
CVEList: CVE-2008-0457: Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec (2008-02-07)

💥Exploits & PoCs

2
Exploit-DB: Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload (2008-02-07)
Exploit-DB: Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload (2007-01-05)