The host is installed with Oracle Java SE 7u40 and earlier, before Java SE 6u61, before Java SE 5.0u52 and is prone to unspecified vulnerability. The flaw is present in the application, which fails to handle vectors related to JAXP. Successful exploitation allows remote attackers to affect confidentiality, integrity, and availability.