Lucene search

[email protected]CVE-2003-1095

HistoryMar 18, 2003 - 5:00 a.m.

CVE-2003-1095

2003-03-1805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2003-1095

bea weblogic server

authentication bypass

web application

session persistence

nvd

6.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

JSON

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using “memory” session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq7.0.0.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	7.0.0.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp

www.kb.cert.org/vuls/id/691153

www.securityfocus.com/bid/7130

exchange.xforce.ibmcloud.com/vulnerabilities/11555

6.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

JSON

Related for CVE-2003-1095

openvas2 nessus1