CVE-2003-1094
First published: Wed Dec 31 2003(Updated: )
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1094?
CVE-2003-1094 is considered a high-severity vulnerability due to the potential for unauthorized privilege escalation.
How do I fix CVE-2003-1094?
To fix CVE-2003-1094, it is recommended to upgrade to a patched version of BEA WebLogic Server beyond 7.0 SP3.
Who is affected by CVE-2003-1094?
CVE-2003-1094 affects users of BEA WebLogic Server and Express version 7.0 SP3.
What types of attacks are possible with CVE-2003-1094?
CVE-2003-1094 could allow remote authenticated users to gain elevated privileges through incorrect user context handling.
Is there a workaround for CVE-2003-1094?
There are no reliable workarounds for CVE-2003-1094; upgrading to a secure version is the best course of action.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/7.0-sp3