Description
In the default configuration, after JBoss is installed, the JMX console is available at http://localhost:8080/jmx-console. The JMX console can be used to display the JNDI tree, dump the list of threads, redeploy an application or even shut down the application server. By default, the console is not secured and can be used by remote attackers. Check References for detailed information.
The Server MBean is accessible and discloses sensitive information that could be useful to an attacker.
Remediation
Restrict access to the JMX Management Console.
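One way to apply this restriction, where the console is deployed as an ordinary web application, is a servlet security constraint in the console's WEB-INF/web.xml. This is an added example, not configuration taken from the original advisory; the role name JBossAdmin, the realm name and the use of BASIC authentication are assumptions to adapt to the installation.

```xml
<!-- Added example: place inside <web-app> in the console application's
     WEB-INF/web.xml. Assumed names: role "JBossAdmin",
     realm "JBoss JMX Console". -->

<!-- Weak setting 1: no <security-constraint> at all. Anyone who can reach
     the HTTP port can open /jmx-console and read the Server MBean. -->

<!-- Weak setting 2: a constraint that lists <http-method>GET</http-method>
     and <http-method>POST</http-method>. Under the servlet specification it
     then applies only to those methods, so requests made with any other
     method are not subject to the authentication requirement. -->

<!-- Corrected: no <http-method> elements, so the constraint covers every
     HTTP method on every path of the console application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>JMX console</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Only users holding this role may use the console. -->
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC credentials are only base64-encoded, so require TLS.
         This needs an HTTPS connector on the server. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JBoss JMX Console</realm-name>
</login-config>

<security-role>
  <role-name>JBossAdmin</role-name>
</security-role>
```

The constraint only protects the console once the application's security domain maps real accounts with non-default passwords to the role. After redeploying, an unauthenticated request to http://localhost:8080/jmx-console should return 401 rather than the MBean listing.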
References