The vulnerability lies in the Invoker service that enables applications to access the server remotely. An attacker can obtain a remote shell access on the target system to inject code into a website hosted in the server or steal files stored on the machine. The vulnerability allows an attacker to abuse the management interface of the JBoss AS in order to deploy additional functionality into the exploited JBoss infrastructure. As consequence the security community had witnessed a surge in Jboss AS hacking, the malicious traffic originated from the compromised servers was detected by Impervas honey pots.”]
Source: https://securityaffairs.co/wordpress/19852/hacking/jboss-application-server-exploit.html