Have you explored using the Workspace Virtualization component (included with CMS 7.x) to virtualize your legacy app and legacy Java, isolating them from the rest of the OS so that you can run that specific version of java when the app launches, running the latest versions for everything else?
https://www-secure.symantec.com/connect/articles/virtualizing-java-symantec-workspace-virtualization
http://www.symantec.com/docs/HOWTO75050
Also, on the subject of Java versions, Oracle now has built in expiration that triggers security settings:
https://www.java.com/en/download/faq/release_changes.xml
Java Expiration Date
The expiration date for 8u51 is October 20, 2015. Java expires whenever a new release with security vulnerability fixes becomes available. For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u51) on November 20, 2015. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.
For more info on Java security you can read this page: https://www.java.com/en/security/developer-info.jsp as well as: https://www.java.com/en/download/help/java_blocked.xml