There’s an interesting vulnerability with JBoss when its administrator access has been misconfigured. I believe it comes that way out of the box, so this could be an issue. I came across this on Bugtraq, and luckily some remediation steps are available.
On February 20, 2007, In security, By eugenekogan
