SSL: Symantec Backup Exec System Recovery Manager Unauthorized File Upload
This signature detects attempts to exploit a known vulnerability against Symantec Backup Exec System Recovery Manager. Attackers can execute arbitrary commands in the security context of the service process.
Extended Description
Symantec Backup Exec System Recovery Manager is prone to a vulnerability that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue resides in the Symantec LiveState Apache Tomcat server. Attackers can leverage it to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers.
Affected Products
Symantec backup_exec_system_recovery_manager
Short Name
SSL:SYMC-BACKUP-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
Backup CVE-2008-0457 Exec File Manager Recovery Symantec System Unauthorized Upload bid:27487
Release Date
12/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Symantec
CVSS Score
10.0