The host is installed with Oracle Java SE 5.0 before Update 20 or 6 before Update 15 and is prone to security bypass vulnerability. A flaw is present in the applications, which fails to properly handle unspecified vectors. Successful exploitation allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application.