Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload

critical Nessus Plugin ID 30211

Synopsis

The remote web server contains a Tomcat servlet that fails to validate user input.

Description

The remote host appears to be running Symantec Backup Exec System Recovery Manager, a backup manager solution.

The version of Recovery Manager on the remote host includes the Tomcat servlet 'FileUpload', which fails to validate user input. An unauthenticated attacker may be able to exploit this issue to upload a JSP script and execute code on the remote host with SYSTEM privileges.

Solution

Upgrade to version 7.0.3 or later.

See Also

http://www.symantec.com/avcenter/security/Content/2008.02.04.html

Plugin Details

Severity: Critical

ID: 30211

File Name: symantec_backup_exec_system_recovery_manager_multiple.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 2/9/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:backupexec_system_recovery

Exploit Ease: No exploit is required

Patch Publication Date: 2/4/2008

Reference Information

CVE: CVE-2008-0457

BID: 27487

CWE: 20