CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
References
Link | Resource |
---|---|
http://i8jesus.com/?p=55 | URL Repurposed |
Configurations
Configuration 1 (hide)
AND |
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://i8jesus.com/?p=55 - URL Repurposed |
Information
Published : 2009-08-11 10:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2705
Mitre link : CVE-2009-2705
CVE.ORG link : CVE-2009-2705
JSON object : View
Products Affected
sun
- j2ee
broadcom
- siteminder
CWE
CWE-264
Permissions, Privileges, and Access Controls