Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

Summary
Apache Tomcat/JBoss Application Server is prone to multiple remote code- execution vulnerabilities.
Impact
Successfully exploiting these issues may allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Solution
Ask the Vendor for an update.
Insight
The specific flaw exists within the exposed EJBInvokerServlet and JMXInvokerServlet. An unauthenticated attacker can post a marshalled object allowing them to install an arbitrary application on the target server.
Affected
Apache Tomcat/JBoss Application Server
Detection
Determine if EJBInvokerServlet/JMXInvokerServlet accessible without authentication.
References