CA SiteMinder allows remote malicious users to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
source: www.securityfocus.com/bid/36086/info
Computer Associates SiteMinder is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to bypass cross-site scripting protections. Successful exploits can aid in further attacks.
We don't know which versions of Si ...
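For triage, the following added example (not part of the original advisory or any CA tooling) scans web access logs for request URIs that carry an encoded null byte, including nested encodings such as %2500. The log lines, the combined-log layout, the function names and the three-round decode limit are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/search?q=shoes HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /app/search?q=a%00b HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Jan/2024:10:00:02 +0000] "GET /app/view?id=7%2500x HTTP/1.1" 200 301',
    '192.0.2.13 - - [01/Jan/2024:10:00:03 +0000] "POST /app/login HTTP/1.1" 302 0',
    '192.0.2.14 - - [01/Jan/2024:10:00:04 +0000] "GET /app/report?pct=100%25 HTTP/1.1" 200 77',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: covers single, double and triple encoding


def null_byte_depth(uri: str) -> int:
    """Return the decoding round (1-based) at which a NUL byte appears, or 0."""
    data = uri.encode("latin-1", "replace")
    for depth in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote_to_bytes(data)
        if b"\x00" in decoded:
            return depth
        if decoded == data:  # fully decoded, nothing left to unwrap
            return 0
        data = decoded
    return 0


def find_null_byte_requests(lines):
    """Return (client_ip, uri, depth) for each request carrying an encoded NUL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        depth = null_byte_depth(m.group("uri"))
        if depth:
            hits.append((line.split(" ", 1)[0], m.group("uri"), depth))
    return hits


if __name__ == "__main__":
    for ip, uri, depth in find_null_byte_requests(SAMPLE_LOG):
        print(f"{ip} sent NUL at decode depth {depth}: {uri}")
```

Access logs normally record only the request line, so parameters sent in a POST body need the same check at a proxy or application layer that can see the body.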