CVE-2003-1438
Published Dec 31, 2003
Last updated 7 years ago
Overview
- Description
- Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-362
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCD5D4AD-0BA3-42F7-852F-524488D74A96"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D9AB3C0-8783-4160-AE2D-D1E5AAAA0A78"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FDCF6AE-43DC-4AE5-9260-CA657F40BE77"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46"
}
],
"operator": "OR"
}
]
}
]