CVE-2003-1094

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1094
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	7.0-sp3	7.0-sp3.x

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
http://www.kb.cert.org/vuls/id/999788
http://www.securityfocus.com/bid/8320
https://exchange.xforce.ibmcloud.com/vulnerabilities/12799

Vulnerability Database

289,599

CVE-2003-1094