Security library opens up vulnerability in Sun's Java Server
Sun uses the Mozilla Foundation's Network Security Services (NSS) in its Java System Application Server, Web Server and Web Proxy Server products. Security vulnerabilities, which also affected Mozilla products, are therefore also found in the Java servers. Attackers can exploit the bugs to inject foreign code.
Sun has released a bug report which includes links to updates for all server versions on the available platforms. Administrators of affected servers should either deactivate SSLv2 support or download and install the update.
- Security Vulnerabilities in the Network Security Services (NSS) Library May Affect Sun Java System Application Server, Web Server and Web Proxy Server, alert notification from Sun
- Mozilla Network Security Services (NSS) fails to properly process malformed SSLv2 server messages, vulnerability note from US-CERT
- Mozilla Network Security Services (NSS) fails to properly the client master key, vulnerability note from US-CERT
(mba)