This is a proof of concept exploit that leverages the addUrl method in the DeploymentScanner module on an exposed JBoss JMX console.

More... (http://packetstormsecurity.org/files/view/105520/jboss-addurl.txt)