CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp	Patch
http://www.securityfocus.com/bid/6717
http://www.securitytracker.com/id?1006018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11221

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:5.1:::::::*
	cpe:2.3:a:bea:weblogic_server:6.0:::::::*
	cpe:2.3:a:bea:weblogic_server:6.1:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0:::::::*
	cpe:2.3:a:bea:weblogic_server:7.0.0.1:::::::*

History

No history.

Information

Published : 2003-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2003-1438

Mitre link : CVE-2003-1438

CVE.ORG link : CVE-2003-1438

JSON object : View

Products Affected

bea

weblogic_server

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2003-1438", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6717", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1006018", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."}], "lastModified": "2017-07-29T01:29:11.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCD5D4AD-0BA3-42F7-852F-524488D74A96"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D9AB3C0-8783-4160-AE2D-D1E5AAAA0A78"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDCF6AE-43DC-4AE5-9260-CA657F40BE77"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}