C-Note-07-007: JBoss Application Server Vulnerability (02/22/07)
The JBoss Application Server may allow unauthenticated, remote access to the administrative controls.
If JBoss is installed without using the advanced installer options, the JBoss security features will need to be configured manually.
This advisory is posted at:
http://www.kb.cert.org/vuls/id/632656
CIAC would like to thank US-CERT for this information.