Unrated severityNVD Advisory· Published Aug 11, 2009· Updated Apr 23, 2026
CVE-2009-2705
CVE-2009-2705
Description
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
Affected products
2- cpe:2.3:a:broadcom:siteminder:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:j2ee:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- i8jesus.comnvdURL Repurposed
News mentions
0No linked articles in our index yet.