openjdk is vulnerable to information disclosure. A flaw was found in the way the JSSE component of OpenJDK handled certificate status / OCSP stapling message during TLS handshake. A remote attacker could possibly use this flaw to gain access to certain sensitive information by manipulating TLS handshake messages.