Lucene search

[email protected]CVE-2003-1438

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1438

2003-12-3105:00:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2003-1438

bea weblogic server

race condition

data leakage

in-memory session replication

replicated stateful session beans

information security

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq5.1
bea:weblogic_serverbea weblogic servereq6.0
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0.0.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	5.1
bea:weblogic_server	bea weblogic server	eq	6.0
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0.0.1

References

dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp

www.securityfocus.com/bid/6717

www.securitytracker.com/id?1006018

exchange.xforce.ibmcloud.com/vulnerabilities/11221

7.5 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2003-1438

cvelist1