2 matches found
CVE-2009-2704
The CVE-2009-2704 issue affects CA SiteMinder and related entries, where GET parameters could bypass J2EE XSS protections due to a %00 (encoded null byte). Root cause: improper filtering of user-supplied request parameters in SiteMinder, enabling bypass of XSS protections. Documented impact is by...
CVE-2009-2705
CVE-2009-2705 affects CA SiteMinder. The vulnerability allows remote attackers to bypass J2EE application XSS protections by submitting a request that uses non-canonical, overlong Unicode in place of blacklisted characters, enabling cross-site scripting bypasses. Documented impact is limited to b...