The host is installed with Oracle Java SE 5.0 before update 22 and 6 before update 17 and is prone to directory traversal vulnerability. A flaw is present in the applications, which fails to properly handle a .. (dot dot) in a pathname. Successful exploitation allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files.