CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:47

Type Values Removed Values Added
References () http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp - Patch () http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp - Patch
References () http://www.securityfocus.com/bid/6717 - () http://www.securityfocus.com/bid/6717 -
References () http://www.securitytracker.com/id?1006018 - () http://www.securitytracker.com/id?1006018 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/11221 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/11221 -

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:47


NVD link : CVE-2003-1438

Mitre link : CVE-2003-1438

CVE.ORG link : CVE-2003-1438


JSON object : View

Products Affected

bea

  • weblogic_server
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')