The host is installed with SpringSource Spring Framework 2.5.x before 2.5.6, 2.5.7 or 3.0.x before 3.0.3 and is prone to an arbitrary execution vulnerability. A flaw is present in the application, which fails to properly handle a crafted .jar file. Successful exploitation could allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.