JBoss EAP is vulnerable to denial of service. It was found that JBoss EAP did not properly authorize a user performing a shutdown. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users.
rhn.redhat.com/errata/RHSA-2015-2538.html
rhn.redhat.com/errata/RHSA-2015-2539.html
rhn.redhat.com/errata/RHSA-2015-2540.html
rhn.redhat.com/errata/RHSA-2015-2541.html
rhn.redhat.com/errata/RHSA-2015-2542.html
www.securitytracker.com/id/1034280
access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=1273046
bugzilla.redhat.com/show_bug.cgi?id=1275288
bugzilla.redhat.com/show_bug.cgi?id=1275300
bugzilla.redhat.com/show_bug.cgi?id=1275307
bugzilla.redhat.com/show_bug.cgi?id=1275310
bugzilla.redhat.com/show_bug.cgi?id=1275313
bugzilla.redhat.com/show_bug.cgi?id=1275316
bugzilla.redhat.com/show_bug.cgi?id=1275319
bugzilla.redhat.com/show_bug.cgi?id=1275330
bugzilla.redhat.com/show_bug.cgi?id=1275683
bugzilla.redhat.com/show_bug.cgi?id=1275690
bugzilla.redhat.com/show_bug.cgi?id=1279593