The host is installed with Oracle Java SE 5.0 before update 22 or 6 before update 17 and is prone to information disclosure vulnerability. A flaw is present in the applications, which does not properly handle vectors related to the implementation of component, keyboardfocusmanager, and defaultkeyboardfocusmanager. Successful exploitation allows attackers to obtain sensitive information.