In association with heise online

7 February 2008, 12:20

Vulnerability in Symantec's Backup Exec System Recovery Manager

A vulnerability in Symantec's Backup Exec System Recovery Manager allows attackers to remotely inject malicious code onto a server and execute it without authentication. The product is an enterprise-level centralised backup and recovery system for networked hosts.

Details of the vulnerability, located in the FileUpload class of Symantec's LiveState Apache Tomcat Server, are not provided in the vendor's security advisory. Crafted HTTP POST requests can be used to upload arbitrary JSP scripts and have the server execute them. Versions 7.0 and 7.0.1 are affected. Symantec has fixed the flaw in version 7.0.3.

(mba)
