CVE-2009-2704

Published: Aug 11, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).

Affected (1)

Products: Sun: J2ee

Sun

1 product

J2ee

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun J2ee	All versions

Related CWEs

CWE-264

References (2)

http://i8jesus.com/?p=55

Source: cve@mitre.org

URL Repurposed

http://i8jesus.com/?p=55

Source: af854a3a-2127-422b-91ae-364da2661108

URL Repurposed

Timeline

No history available yet.