CVE-2009-3027
HIGH
EPSS 95th pctl
Description
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 95% of all known CVEs.
References
- http://marc.info/?l=bugtraq&m=126046186917330&w=2
- http://secunia.com/advisories/37631
- http://secunia.com/advisories/37637
- http://secunia.com/advisories/37685
- http://securitytracker.com/id?1023309
- http://securitytracker.com/id?1023312
- http://seer.entsupport.symantec.com/docs/336988.htm
- http://seer.entsupport.symantec.com/docs/337279.htm
- http://seer.entsupport.symantec.com/docs/337293.htm
- http://seer.entsupport.symantec.com/docs/337392.htm
- http://seer.entsupport.symantec.com/docs/337859.htm
- http://seer.entsupport.symantec.com/docs/337930.htm
- http://www.osvdb.org/60884
- http://www.securityfocus.com/archive/1/508358/100/0/threaded
- http://www.securityfocus.com/bid/37012
- http://www.securitytracker.com/id?1023311
- http://www.securitytracker.com/id?1023313
- http://www.securitytracker.com/id?1023318
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00
- http://www.vupen.com/english/advisories/2009/3467
- http://www.vupen.com/english/advisories/2009/3483
- http://www.zerodayinitiative.com/advisories/ZDI-09-098/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54665
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-23.