CVE-2008-0457
published 2008-02-07CVE-2008-0457: Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System…
PriorityP264critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
11.86%
95.6th percentile
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symantec | backupexec_system_recovery | — | — |
| symantec | backupexec_system_recovery | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated multipart/form-data POST requests to the /axis/FileUpload endpoint on port 8443 of the Symantec LiveState Apache Tomcat server. ↗
- →Alert on JSP files being written to the web server filesystem via the FileUpload class, as exploitation results in remote code execution with SYSTEM-level privileges. ↗
- →Detect arbitrary file uploads to any server path via the FileUpload endpoint; the 'Remote Path' parameter allows the attacker to specify the destination directory. ↗
- ·The exploit targets Symantec Backup Exec System Recovery Manager versions 7.0 and 7.0.1 specifically; the vulnerable endpoint is the FileUpload class on the bundled Symantec LiveState Apache Tomcat server. ↗
- ·The vulnerability is unauthenticated (unauthorized); no credentials are required to reach the /axis/FileUpload endpoint. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload
exploitdb·2008-02-07
CVE-2008-0457 Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload
Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload
---
File Upload POC
Backup Exec System Recovery Manager 7.0File Upload POC
:8443/axis/FileUpload" method="post"
enctype="multipart/form-data">
Remote Path:
File to upload:
(c)BastardLabs 2008.
# milw0rm.com [2008-02-07]
Exploit-DB
Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload
exploitdb·2007-01-05
CVE-2008-0457 Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload
Symantec Backup Exec System Recovery Manager 7.0 - FileUpload Class Unauthorized File Upload
---
source: https://www.securityfocus.com/bid/27487/info
Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server.
This issue resides in the Symantec LiveState Apache Tomcat server. Attackers can leverage it to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers.
File Upload POC
Backup Exec System Recovery Manager 7.0File Upload POC
Remote Path:
File to upload:
(c)BastardLabs 2008.
No writeups or analysis indexed.
http://secunia.com/advisories/28787http://seer.entsupport.symantec.com/docs/297171.htmhttp://www.securityfocus.com/archive/1/487688/100/0/threadedhttp://www.securityfocus.com/bid/27487http://www.securitytracker.com/id?1019303http://www.symantec.com/avcenter/security/Content/2008.02.04.htmlhttp://www.vupen.com/english/advisories/2008/0413http://www.zerodayinitiative.com/advisories/ZDI-08-003.htmlhttps://www.exploit-db.com/exploits/5078http://secunia.com/advisories/28787http://seer.entsupport.symantec.com/docs/297171.htmhttp://www.securityfocus.com/archive/1/487688/100/0/threadedhttp://www.securityfocus.com/bid/27487http://www.securitytracker.com/id?1019303http://www.symantec.com/avcenter/security/Content/2008.02.04.htmlhttp://www.vupen.com/english/advisories/2008/0413http://www.zerodayinitiative.com/advisories/ZDI-08-003.htmlhttps://www.exploit-db.com/exploits/5078
2008-02-07
Published