Details
A flaw exists in the FileUpload Class running on the Symantec LiveState Apache Tomcat server. An unauthorized file can be uploaded to the server through a malicious HTTP Post and placed anywhere on the server. Remote code execution with System level access is possible.
SecurityFocus, http://www.securityfocus.com, has assigned a Bugtraq ID(BID) to this issue for inclusion in the SecurityFocus vulnerability data base. The BID assigned is 27487 which can be found at http://www.securityfocus.com/bid/27487.
CVE
The Common Vulnerabilities and Exposures (CVE) initiative has assigned CVE Candidate numbers to this issue.
CVE Candidate CVE-2008-0457.
This issue is a candidate for inclusion in the CVE list (
http://cve.mitre.org), which standardizes names for security problems.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)