CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1438
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	5.1	5.1.x
bea / weblogic_server	6.0	6.0.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x

http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp
http://www.securityfocus.com/bid/6717
http://www.securitytracker.com/id?1006018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11221

Vulnerability Database

289,689

CVE-2003-1438