This indicates an attack attempt to exploit the Insecure Default Configuration of the RMI Registry and RMI Activation services.
The vulnerabiltiy allows loading of classes from any remote HTTP URL without any sort of authentication.
Java SE 6 and prior version.
Java JDK 7 and prior version.
System Compromise: Remote attackers can gain control of vulnerable systems.
There are no vendor supplied patches available at this time.