
False Positive on jfr.jar

Open Anshu2405 opened this issue 3 years ago • 1 comments

False positive on library jfr.jar - reported as cpe:2.3:a:oracle:jrockit:1.8.0.301:*:*:*:*:*:*:*. As per description, vulnerability is present in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.

Anshu2405, Dec 15 '21 14:12

Without a packageUrl for this library we cannot fix it, and suppression would be up to you. I cannot find where this library originates from.

aikebah, Jun 08 '22 16:06
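
A local suppression of the kind the reply leaves to the user could look like the following. This is an added example, not part of the issue thread or the DependencyCheck project's own rules; the file-name pattern is an assumption about where jfr.jar sits in the scanned tree.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress>
    <notes><![CDATA[
      jfr.jar is reported as oracle:jrockit (false positive, see issue thread).
      No packageUrl is available for this file, so it is matched by path.
    ]]></notes>
    <!-- Assumption: the file is named jfr.jar; adjust the pattern to the real path.
         Matching by path keeps the rule from hiding findings on other jars. -->
    <filePath regex="true">.*[\\/]jfr\.jar</filePath>
    <!-- Suppress only the JRockit identification; any other CPE matched on
         this file is still reported. -->
    <cpe>cpe:/a:oracle:jrockit</cpe>
  </suppress>
</suppressions>
```

The file is passed to the scanner with the CLI's `--suppression` option or the build plugin's `suppressionFile` setting. Because the rule matches by file name rather than by hash, re-check it whenever the jar is replaced.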