Hi Peter,
Could you mention areas for locking down and getting rid of the error? Trying to identify these areas, it has been impossible to reproduce the error with the information in the error report. In AS7 JIRA (AS7-4929), Darran Lofthouse reported his attempts to reproduce the error by issuing the requests that the report describes. My Systems Manager is trying to reach out to the makers of the scanning tool and get more information. We are waiting for their response. It is difficult to fathom what else should be locked without further information.
Could this be "a false positive"? Darran explained to me that this error seems to belong to a different server, and that given the information at hand, Darran thought that it could be a "false positive". Moreover, a Google search on the main description of the error "myserver 1.2.0" revealed just one result for JBoss with a different scanner and it was deemed to be a "false positive".