jbossweb is vulnerable to denial of service (DoS). A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or one that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.
rhn.redhat.com/errata/RHSA-2012-0074.html
rhn.redhat.com/errata/RHSA-2012-0075.html
rhn.redhat.com/errata/RHSA-2012-0076.html
rhn.redhat.com/errata/RHSA-2012-0077.html
rhn.redhat.com/errata/RHSA-2012-0078.html
rhn.redhat.com/errata/RHSA-2012-0325.html
www.osvdb.org/78775
www.securityfocus.com/bid/51829
access.redhat.com/errata/RHSA-2012:0076
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=767871