Java Code Injection
Also Known As:
JSP Code Injection, ScriptEngine Code Injection, Rhino Code Injection - Variation
Java, JEE, J2EE, JSP
Input Validation, Syntax Escaping
Vector Operation Method:
Malicious inputs can affect the structure of server-side Java code which is generated dynamically. The injection may affect the application due to classic dynamic code generation issues, or due to the use of a ScriptEngine, such as Rhino, Jython, JRuby or other script engines.