Cross-Site Scripting Vulnerability in CA SiteMinder
CVE-2009-2705

Currently unrated

Key Information:

Vendor: Oracle
Status: J2ee; Siteminder
Vendor: CVE Published:; 11 August 2009

Summary

CA SiteMinder is susceptible to a cross-site scripting (XSS) vulnerability, enabling remote attackers to circumvent established protections for J2EE applications. This can be achieved through crafted requests that utilize non-canonical, 'overlong Unicode' representations in lieu of blacklisted characters, effectively allowing malicious actions that compromise application security.

References

http://i8jesus.com/?p=55

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 11, 2009