We just had a breach of one of our servers, where an intruder got access using the JBoss account and started running exploit scripts. The server has been taken offline and is being investigated, but I'm curious about how he got in.
Are there any known vulnerabilities in JBoss 4.x.x that would allow an intruder to run a shell script through that account?