Java is a high risk app
iSTAM recommends uninstalling Java unless it is absolutely necessary.
Outdated or old versions of Java are frequently exploited by cyber criminals. Consider uninstalling Java if it is not required to deliver a business application or to manage this server.
Before removing Java, please check to ensure that it is not required by a business application installed on the device. Backing up your device is also recommended as a precaution before uninstalling Java or any other system, service, or application.
2013 studies indicated that Java was responsible for about 50% of all Internet attacks after Adobe followed Microsoft by improving its security.
Since Java runs inside its own application (Java Virtual Machine), an exploit only has to break the Java security model to allow it to execute malicious code on a system. Since the exploit executes at the application level, security controls like DEP and ASLR will not prevent the code from running.