It was found that the JMX endpoint of Red Hat JBoss EAP 5 deserializes the credentials passed to it. An attacker could use this flaw to cause a denial of service.
You should not expose Remote JMX on EAP 5, or SOA-P 5. To do that remove this system property from bin/run.conf, or bin/run.conf.bat:
com.sun.management.jmxremote.port=<portNum>