Lucene search

[email protected]CVE-2003-1094

HistoryMar 10, 2005 - 5:00 a.m.

CVE-2003-1094

2005-03-1005:00:00

[email protected]

web.nvd.nist.gov

cve-2003-1094

bea weblogic server

code execution

privilege escalation

jndi initial contexts

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.3%

JSON

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp3win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp

www.kb.cert.org/vuls/id/999788

www.securityfocus.com/bid/8320

exchange.xforce.ibmcloud.com/vulnerabilities/12799

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2003-1094

cvelist1 nvd1