Unrated severityNVD Advisory· Published Aug 11, 2009· Updated Apr 23, 2026

CVE-2009-2704

Description

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).

Affected products

Sun Corporation/J2ee
cpe:2.3:a:sun:j2ee:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

i8jesus.comnvdURL Repurposed

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000