Vulnerability in Symantec's Backup Exec System Recovery Manager
A vulnerability in Symantec's Backup Exec System Recovery Manager allows attackers to remotely inject malicious code onto a server and execute it without authentication. The product is an enterprise level centralised backup and recovery system for networked hosts.
Details of the vulnerability, located in the
FileUpload class of Symantec's LiveState Apache Tomcat Server, are not provided in the vendor's security advisory. Crafted HTTP POST requests can be used to upload arbitrary JSP scripts and have the server execute them. Versions 7.0 and 7.0.1 are affected. Symantec has fixed the flaw in version 7.0.3.
- Symantec Backup Exec System Recovery Manager - Unauthorized File Upload, Symantec security advisory
- Symantec Backup Exec Remote File Upload Vulnerability, ZDI security advisory