The remote host is missing an update to libspring-2.5-java announced via advisory DSA 2504-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202504-1

It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter which must be manually set to false when the Spring Framework runs under a container which provides EL support itself. For the stable distribution (squeeze), this problem has been fixed in version 2.5.6.SEC02-2+squeeze1. We recommend that you upgrade your libspring-2.5-java packages.