The JMX-Console web application in JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. This module uploads an arbitrary .JSP file to the target in order to deploy an agent on it.
CVE Link
Exploit Platform
Product Name