The remote host is running a backdoor
The remote host seems to be infected with the Apache CDorked backdoor. This backdoor allows a remote user to create a shell and/or pass the server commands via specially crafted HTTP requests. In addition, the backdoor is used to further infect web clients by redirecting them to sites which infect the client with malware.
Manually clean the infected machine by replacing the trojan http binary. See the referenced link for more detection tools.