CVE-2003-1290

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).

Published: Dec 31, 2003
Updated: Nov 9, 2025
CVE: CVE-2003-1290
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	8.1-sp4	8.1-sp4.x
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	7.0.0.1-sp4	7.0.0.1-sp4.x
bea / weblogic_server	6.1-sp4	6.1-sp4.x
bea / weblogic_server	6.1-sp5	6.1-sp5.x
bea / weblogic_server	6.0-sp1	6.0-sp1.x
bea / weblogic_server	6.1-sp6	6.1-sp6.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	6.0-sp2	6.0-sp2.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp3	8.1-sp3.x
bea / weblogic_server	6.0	6.0.x
bea / weblogic_server	6.1-sp2	6.1-sp2.x
bea / weblogic_server	6.1-sp1	6.1-sp1.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	7.0.0.1-sp1	7.0.0.1-sp1.x
bea / weblogic_server	6.1-sp3	6.1-sp3.x
bea / weblogic_server	7.0.0.1-sp3	7.0.0.1-sp3.x
bea / weblogic_server	7.0.0.1-sp2	7.0.0.1-sp2.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	7.0	7.0.x

Vulnerability Database

313,825

CVE-2003-1290

Deep Security Visibility Without the Complexity