Vulnerability Description
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
- http://www.kb.cert.org/vuls/id/999788Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/8320Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12799
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp
- http://www.kb.cert.org/vuls/id/999788Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/8320Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12799
FAQ
What is CVE-2003-1094?
CVE-2003-1094 is a vulnerability with a CVSS score of 7.2 (HIGH). BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allo...
How severe is CVE-2003-1094?
CVE-2003-1094 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1094?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.