This indicates an attack attempt to exploit a SAX-injection vulnerability in Web Services which communicate through the use of SOAP requests.
The vulnerability is a result of the application's failure to properly sanitize user input before using it in web services. As a result, a remote attacker can send a crafted request to execute a function defined in the web service definition language (WSDL) file.
All web application environments are susceptible to SAX injection.
The signature can be enabled to block this traffic.