'Critical' Netscape NSS Library Flaw
The vulnerability directly affects users of the Netscape Enterprise Server and Sun ONE platform.
The flaw affects the Netscape Enterprise Server and Sun's Open Net Environment (Sun ONE), two widely used commercial Web server platforms that make use of the NSS library.
According to an advisory released by ISS X-Force, the flaw could result in harmful code execution on vulnerable systems during SSLv2 (Secure Sockets Layer) negotiation.
Research firm Secunia has tagged the vulnerability as ''highly critical''.
In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.
Affected products include all known versions of the Netscape Enterprise Server (NES), the Netscape Personalization Engine (NPE), the Netscape Directory Server (NDS) and the Netscape Certificate Management Server (CMS).
Users of Sun's iPlanet and Sun ONE also are at risk.
ISS X-Force said any application or product that integrates the NSS library suite and implements SSLv2 ciphers was vulnerable.
The NSS library is predominantly used by Netscape Enterprise Server (NES) and Sun ONE/Sun Java System Web Server to serve Web content. It is publicly available as an open-source component from the Mozilla Foundation.
''Although Netscape Enterprise Server and Sun ONE are the most likely targets for attack, due to the open source nature of the component, there may be additional affected products that are not listed above,'' according to the advisory.