cpe:/a:symantec:backupexec_system_recovery:7.0 cpe:/a:symantec:backupexec_system_recovery:7.01 CVE-2008-0457 2008-02-07T16:00:00.000-05:00 2017-09-28T21:30:17.473-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-08T11:35:00.000-05:00 ALLOWS_ADMIN_ACCESS SECTRACK 1019303 BUGTRAQ 20080206 ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability BID 27487 SECUNIA 28787 EXPLOIT-DB 5078 VUPEN ADV-2008-0413 CONFIRM http://seer.entsupport.symantec.com/docs/297171.htm CONFIRM http://www.symantec.com/avcenter/security/Content/2008.02.04.html MISC http://www.zerodayinitiative.com/advisories/ZDI-08-003.html Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.