CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
References
Link Providers
http://i8jesus.com/?p=55 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-11T10:00:00Z

Updated: 2024-09-16T21:04:16.436Z

Reserved: 2009-08-05T00:00:00Z

Link: CVE-2009-2705

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2009-08-11T10:30:00.593

Modified: 2024-02-14T01:17:43.863

Link: CVE-2009-2705

cve-icon Redhat

No data.