-
1. Re: Porting EAP security fixes?
ctomc Aug 25, 2017 8:49 AM (in response to ricardopesqueira)
The JBoss AS community project was renamed to WildFly Application Server after 7.x, and the first release under the new name was WildFly 8.
The last stable version of WildFly is 10.1.0.Final, and the upcoming 11 is currently at Beta1, with CR1 & Final coming in the following weeks.
All the EAP CVEs you mentioned were addressed in WildFly as well.
If you follow the errata links for the CVEs you linked, you will find links to the Bugzilla issues that were used to track these issues.
For example, for https://access.redhat.com/errata/RHSA-2015:1906 you find BZ https://bugzilla.redhat.com/show_bug.cgi?id=1252885, which links to the upstream Jira for WildFly https://issues.jboss.org/browse/WFCORE-594
That tells you it was fixed in WildFly Core 2.0.0.CR9, which is used in WildFly 10. But you can also find the linked Jira https://issues.jboss.org/browse/WFCORE-594 to backport the fix to the 1.0.x branch of wildfly-core, which is used in WildFly 9, and later on we released 9.0.2.Final that had that version of core in it, as you can see in the release notes (Release Notes - JBoss Issue Tracker).
In short, you can track all CVE issues back to Bugzilla / Jira for EAP and the upstream projects, where you can see how and where the fix landed.
But it does take a few clicks and looking around the code to see in what binary community release the fix landed.
-
2. Re: Porting EAP security fixes?
ricardopesqueira Aug 28, 2017 1:27 PM (in response to ctomc)
Hello Tomaz,
Thank you so much for the quick reply. That connection from advisory -> Bugzilla -> Jira is very helpful.
So I guess it is safe to say that the last release of JBoss AS 7.x (and any version below that) is vulnerable to those CVEs and there is no way to fix it besides migrating to WildFly 9.0.2 (at least)?
-
3. Re: Porting EAP security fixes?
ctomc Aug 30, 2017 9:46 AM (in response to ricardopesqueira)
Ricardo Pesqueira wrote:
So I guess it is safe to say that the last release of Jboss AS 7.x (and any version below that) is vulnerable to those CVE's and there is no way to fix it besides migrating to Wildfly 9.0.2 (at least)?
Well, that is true, at least for RHSA-2015:1906; I didn't check the other CVEs you mention.
But on the other hand, the mgmt. console is by default not publicly accessible, is limited to local network use only, and is available on a separate port.
So the question is how exploitable this can even be in your environment. But as I said, that is just in the case of this CVE.
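The last reply rests on the management console being bound to a local address on its own port. The script below is an added example, not code from this thread or from the WildFly project: it reads a standalone.xml and reports the resolved bind address and port of the management HTTP interface, so an administrator can confirm that default (loopback) rather than assume it. The XML it parses is a constructed sample that follows the standalone.xml layout (an `<interfaces>` block plus a `<socket-binding-group>` with a `management-http` binding); real files differ by version and namespace, and `${prop:default}` expressions may be overridden with `-D` system properties, which the `overrides` argument models.

```python
"""Report how the WildFly management HTTP interface is bound in a standalone.xml.

Added example for this thread (not project code). SAMPLE_XML is a constructed
sample that mirrors the standalone.xml layout; real files vary by version.
"""
import re
import xml.etree.ElementTree as ET
from ipaddress import ip_address

# Constructed sample, trimmed to the elements this check needs.
SAMPLE_XML = """<?xml version="1.0" ?>
<server xmlns="urn:jboss:domain:4.0">
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
      <inet-address value="${jboss.bind.address:127.0.0.1}"/>
    </interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public"
                        port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-http" interface="management"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="http" port="${jboss.http.port:8080}"/>
  </socket-binding-group>
</server>
"""

# Matches a ${property:default} expression; the default part is optional.
EXPR = re.compile(r"^\$\{([^:}]+)(?::([^}]*))?\}$")


def resolve(value, overrides=None):
    """Resolve ${prop:default}, preferring an override (a -Dprop=value) if given."""
    overrides = overrides or {}
    m = EXPR.match(value.strip())
    if not m:
        return value  # a literal, not an expression
    prop, default = m.group(1), m.group(2)
    return overrides.get(prop, default if default is not None else "")


def _local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def management_binding(xml_text, overrides=None):
    """Return (address, port, loopback_only) for the management-http binding.

    loopback_only is False whenever the address cannot be shown to be a
    loopback IP (e.g. <any-address/>, a hostname, or no inet-address at all),
    which is the conservative reading for an exposure check. The socket
    group's port-offset is not applied here.
    """
    root = ET.fromstring(xml_text)

    # Map interface name -> resolved inet-address value.
    addresses = {}
    for iface in root.iter():
        if _local(iface.tag) != "interface":
            continue
        for child in iface:
            if _local(child.tag) == "inet-address":
                addresses[iface.get("name")] = resolve(child.get("value"), overrides)

    # Find the management-http socket binding and the interface it uses.
    port, iface_name = None, None
    for sb in root.iter():
        if _local(sb.tag) == "socket-binding" and sb.get("name") == "management-http":
            iface_name = sb.get("interface")
            port = int(resolve(sb.get("port"), overrides))

    addr = addresses.get(iface_name)
    loopback_only = False
    if addr is not None:
        try:
            loopback_only = ip_address(addr).is_loopback
        except ValueError:
            loopback_only = False  # hostname or unresolved expression
    return addr, port, loopback_only


if __name__ == "__main__":
    for label, ov in (("defaults", None),
                      ("-Djboss.bind.address.management=0.0.0.0",
                       {"jboss.bind.address.management": "0.0.0.0"})):
        addr, port, lo = management_binding(SAMPLE_XML, ov)
        print(f"{label}: management-http on {addr}:{port}, loopback only: {lo}")
```

Run against a real deployment by replacing `SAMPLE_XML` with the contents of the server's standalone.xml and passing any `-D` properties from the start-up command line as `overrides`; a result other than `loopback_only=True` means the management port is reachable from beyond the host and deserves the network-level restriction the reply above describes.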