Title: Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload Vulnerability
Severity: CRITICAL
Description:
Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server.
This issue resides in the Symantec LiveState Apache Tomcat server. Attackers can leverage it to execute arbitrary code with SYSTEM-level privileges. Attackers can upload files via a specially crafted HTTP POST request.
A successful attack will completely compromise affected computers.
Affected Products:
- Symantec Backup Exec System Recovery Manager 7.0
- Symantec Backup Exec System Recovery Manager 7.0.1
References:
- Symantec: FileShare - Secure Document Exchange
- Symantec: SYM08-001 Symantec Backup Exec System Recovery Manager - Unauthorized File Uploa
- Symantec: Symantec Backup Exec Homepage
- Symantec: Symantec Security Advisory SYM08-001 - Unauthorized script can be uploaded to Sy
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
