We've had one client affected by this: 'Mark Cox's Blog: Statement
Regarding Security Threat to JBoss Application Server | JBoss Community'
(http://community.jboss.org/blogs/mjc...ication-server)


I haven't tried to recreate in a clean environment, but they were on a
3.7 install with jmx-console security enabled. The issue says it is
related to JBoss 4, but the JBoss shipped with the User App has the
incorrect security constraint.

https://access.redhat.com/kb/docs/DOC-30741

To summarize - when securing the jmx-console/web console:

Make sure to remove the http-method lines.

If someone could verify whether or not this is in the 4 variant, that
would be great. If not, I'll likely update in a week.


--
42sd