Unrated severityNVD Advisory· Published Feb 7, 2008· Updated Apr 23, 2026

CVE-2008-0457

Description

Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.

Affected products

Symantec/Backupexec System Recovery2 versions
cpe:2.3:a:symantec:backupexec_system_recovery:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:symantec:backupexec_system_recovery:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backupexec_system_recovery:7.01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seer.entsupport.symantec.com/docs/297171.htmnvdPatch
www.symantec.com/avcenter/security/Content/2008.02.04.htmlnvdPatch
www.securityfocus.com/bid/27487nvdExploit
secunia.com/advisories/28787nvdVendor Advisory
www.vupen.com/english/advisories/2008/0413nvdVendor Advisory
www.securityfocus.com/archive/1/487688/100/0/threadednvd
www.securitytracker.com/idnvd
www.zerodayinitiative.com/advisories/ZDI-08-003.htmlnvd
www.exploit-db.com/exploits/5078nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.024
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000