Unrated severityNVD Advisory· Published Mar 18, 2003· Updated Jun 16, 2026

CVE-2003-1095

Description

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Bea/WebLogic Server8 versions
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
Bea/WebLogic Expressllm-fuzzy
Range: 7.0, 7.0.0.1

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.kb.cert.org/vuls/id/691153nvdPatchThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/7130nvdPatchVendor Advisory
dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jspnvd
exchange.xforce.ibmcloud.com/vulnerabilities/11555nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000