JBoss is vulnerable to cross-site request forgery (CSRF). A flaw was found in the JMX Console. A remote attacker could use this flaw to deploy a WAR file of their choosing on the target server if they are able to trick a user who is logged into the JMX Console as the admin user into visiting a specially crafted web page.
docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3/html-single/Release_Notes_CP09/index.html
securitytracker.com/id?1024813
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0937.html
www.redhat.com/support/errata/RHSA-2010-0938.html
www.redhat.com/support/errata/RHSA-2010-0939.html
access.redhat.com/errata/RHSA-2010:0937
bugzilla.redhat.com/show_bug.cgi?id=604617