Intrusion Prevention

HTTP.URI.Java.Code.Injection

Description

This indicates an attempt to exploit a Java Code Injection Vulnerability through HTTP requests.
The vulnerability is a result of the application's failure to check user supplied inputs. As a result, a remote attacker can send a crafted query to execute arbitrary code on a vulnerable server.

Affected Products

This is a generic signature against web-based Java Code injections.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Review the code of web application and check all places where user input could possibly become part of the output for other users.

CVE References

CVE-2018-1273