Cross-Site Scripting Vulnerability in CA SiteMinder
CVE-2009-2704
Currently unrated
Summary
CA SiteMinder has a vulnerability that allows remote attackers to bypass standard cross-site scripting (XSS) defenses in J2EE applications. By sending a crafted request that includes an encoded null byte (%00), attackers can exploit this flaw to inject malicious scripts, potentially compromising the integrity and confidentiality of user data. The weakness underlines the need for effective input validation and robust web application security measures.