|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-06-18 | |
| Rule Name: | Java Code Injection Detection - Suspicious Reflective Class Load 7 | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Code injection vulnerabilities are caused by the application's lax filtering of user input. Attackers can inject code into the server running the application and remotely execute the injected code. The rule is used to detect suspicious behavior of dynamically loading classes or executing methods through Java reflection. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| 1. Filter and escape user input to ensure that it does not contain malicious Java code. 2. Use safe apis and functions to execute code. Avoid directly concatenating user input into code. 3. Conduct regular security audits and tests to find potential code injection vulnerabilities and fix them in time. |