返回 CVE 浏览器

CVE-2008-0457

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1770%

EPSS Percentile6.47th

Published2008年2月7日

Last Modified2026年4月23日

Vulnerability Description

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Affected Platforms (CPE)

📦

Symantec

Backupexec System Recovery

= 7.0

📦

Symantec

Backupexec System Recovery

= 7.01

References & Advisories

🔗 http://secunia.com/advisories/28787

🔗 http://seer.entsupport.symantec.com/docs/297171.htm

🔗 http://www.securityfocus.com/archive/1/487688/100/0/threaded

🔗 http://www.securityfocus.com/bid/27487

🔗 http://www.securitytracker.com/id?1019303

🔗 http://www.symantec.com/avcenter/security/Content/2008.02.04.html

🔗 http://www.vupen.com/english/advisories/2008/0413

🔗 http://www.zerodayinitiative.com/advisories/ZDI-08-003.html

相关漏洞威胁

CVE-2007-23597.2

Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and Backup...

CVE-2007-23606.8

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote bac...

CVE-2007-23614.9

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote bac...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...