Vulnerability Name: | CVE-2003-1438 (CCN-11221)
Assigned: | 2003-01-28
Published: | 2003-01-28
Updated: | 2017-07-29
Summary: | Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vulnerability Type: | CWE-362
Vulnerability Consequences: | Data Manipulation
References: |
Source: MITRE Type: CNA CVE-2003-1438
Source: BEA Type: Patch BEA03-26.01
Source: CCN Type: BEA Systems, Inc. Security Advisory (BEA03-26.01) Patch (Remedy, Workaround…) available to prevent session sharing
Source: CCN Type: SECTRACK ID: 1006018 BEA WebLogic May Disclose One User's Session Data to Another User
Source: CCN Type: OSVDB ID: 60386 BEA WebLogic Server Session Replication Cross-user Session Information Disclosure
Source: BID Type: UNKNOWN 6717
Source: CCN Type: BID-6717 BEA Systems WebLogic Server and Express Session Sharing Vulnerability
Source: SECTRACK Type: UNKNOWN 1006018
Source: XF Type: UNKNOWN weblogic-clustered-race-condition(11221)
Vulnerable Configuration: | Configuration 1: