Known security vulnerabilities in JBoss 4.x.x?
There is this JBoss Application Server Remote Exploit (CVE-2010-0738) that was published recently.
The exploit works for JBoss running on both Linux and Windows platforms, when the exploit is successful it will return a command prompt or a shell to the attacker.
In addition to the vulnerability that Mark mentioned there's also some tools which are freely available which are designed to make taking over JBOSS servers easier, such as jboss-autopwn. If they successfully exploit the server they can deliver Metasploit payloads which includes the ability to get shell.