The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
https://exchange.xforce.ibmcloud.com/vulnerabilities/2348
http://www.securityfocus.com/bid/522