2 matches found
CVE-2009-2704
CA SiteMinder allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications via a request containing a %00 encoded null byte...
CVE-2009-2704
The CVE-2009-2704 issue affects CA SiteMinder and related entries, where GET parameters could bypass J2EE XSS protections due to a %00 (encoded null byte). Root cause: improper filtering of user-supplied request parameters in SiteMinder, enabling bypass of XSS protections. Documented impact is by...