CVE-2009-2705 Information

Description

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical \overlong Unicode\ in place of blacklisted characters.

Reference

http://i8jesus.com/?p=55