Oracle Java contains a flaw related to the Networking subcomponent (net.dll). The flaw is related to the Gopher protocol, an awesomely named, but mostly deprecated protocol that may allow an attacker to bypass port restrictions. The issue is due to the protocol not sanitizing input to an XML interface, allowing for XML injection. By sending a crafted XML request, an attacker can trick the system into forwarding the request to arbitrary systems and ports (including localhost), effectively bypassing network restrictions. This can be used to reach vulnerable interfaces or services that are presumably protected by firewalls or other screening devices.
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.