The host is installed with Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number. Successful exploitation could allow attackers to crash the service.