CVE-2009-2705

2022-10-0316:24:07

mitre

www.cve.org

cve-2009-2705} {ca siteminder} {xss} {protections} {j2ee applications} {overlong unicode} {blacklisted characters

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, “overlong Unicode” in place of blacklisted characters.

References

i8jesus.com/?p=55