CVE-2009-2705

Currently unrated

Key Information:

Vendor: Oracle
Status: J2ee; Siteminder
Vendor: CVE Published:; 11 August 2009

Summary

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

References

http://i8jesus.com/?p=55

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 11, 2009