Working on a lab this morning (Metasploit -Vulnerable Application Server V) I located a jboss 4.0.5ga instance. Jboss is a Java based application platform. The labs focus was around locating and exploiting a jboss application server. There wasn't a lot intricacy here - but I'll document anyways.
I know, db_nmap.
A quick banner with curl shows JBOSS version as 4.0.5ga. Easy enough.
Quick search for next steps - poking around I ended up using 16319 beanshell war upload msf module.
The flag was hidden on the file system. Module completed.