The remote host is missing a critical Oracle Java SE patch update.
The version of Oracle Java SE installed on the remote host is prior to 7 Update 131, or 8 Update 121 and is affected by a flaw in the AWT subcomponent that is triggered when handling menu items. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code outside of intended sandbox restrictions.
Upgrade to Java 1.8.0_121 or later. If version 1.8.x cannot be obtained, version 1.7.0_131 is also patched for this vulnerability.