Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
Products
- BEA Systems WebLogic Server 7.0.0.1
- BEA WebLogic Server 7.0.0.1 for Win32
- BEA Systems WebLogic Server 7.0.0.1 SP1
- BEA Systems WebLogic Express 7.0.0.1 SP1
- BEA Systems WebLogic Server 7.0.0.1 SP1 Win32
- BEA Systems WebLogic Server 7.0.0.1 SP2
- BEA Systems WebLogic Express 7.0.0.1 SP2
- BEA Systems WebLogic Server 7.0.0.1 SP2 Win32
- BEA Systems WebLogic Server 7.0.0.1 SP3
- BEA Systems WebLogic Express 7.0.0.1 SP3
- BEA Systems WebLogic Server 7.0.0.1 SP4
- BEA Systems WebLogic Express 7.0.0.1 SP4
- BEA Systems WebLogic Server 7.0
- BEA WebLogic Server 7.0 for Win32
- Bea Weblogic Server 7.0 - Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 1
- BEA Systems WebLogic Server 7.0 Service Pack 1 Express Edition
- BEA WebLogic Server 7.0 Service Pack 1 on Win32
- BEA Systems WebLogic Server 7.0 Service Pack 2
- BEA Systems WebLogic Server 7.0 Service Pack 2 Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 3
- BEA Systems WebLogic Server 7.0 Service Pack 3 Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 4
- BEA Systems WebLogic Server 7.0 Service Pack 4 Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 5
- BEA Systems WebLogic Server 7.0 Service Pack 5 Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 6
- BEA Systems WebLogic Server 7.0 Service Pack 6 Express Edition
- BEA Systems WebLogic Server 7.0 Service Pack 7
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2003-1095, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-1095 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References