Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.