CVE-2003-1095

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and Express versions 7.0 through 7.0.0.1

Description The issue arises when using "memory" session persistence for web applications. It does not clear authentication information when a web application is redeployed. This could allow users of that application to gain access without having to re-authenticate.

Recommendations For versions 7.0 through 7.0.0.1, consider disabling the "memory" session persistence for web applications until a fix is available. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of unauthorized access.