I don't know if I've put this in the right section, but maybe a moderator can move it wherever it is appropriate.
The Description in the Nessus scan report:
The W3C XML Encryption Standard, implemented in JBossWS and used by one or more endpoints on the remote host, contains a design error. The design error allows unauthenticated, remote attackers to decrypt captured SOAP responses via a chosen-ciphertext attack. This issue affects all block ciphers used in cipher-block chaining (CBC) mode.
Upgrade the JBoss server to one of the patched versions listed in the vendor advisory, and enable Galois/Counter Mode (GCM).
JBoss 5.1.0 GA is not in the list of patched versions, so is there a way to get this fix in JBoss 5.1.0 GA?
If you have a support subscription with Red Hat, please raise a support case. This is fixed in EAP 5.2.0 and a patch was released for EAP 5.1.2.
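As an added example (not part of the original posts and not JBossWS code): a small Python check that reads a captured SOAP message and reports whether each `xenc:EncryptedData` element declares a CBC-mode algorithm, which the scan description flags, or GCM, which the remediation calls for. The sample message and the function name `audit_encrypted_data` are constructed for illustration; the algorithm URIs are the identifiers defined by W3C XML Encryption.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"

# Block-cipher algorithm identifiers from W3C XML Encryption 1.0 / 1.1.
CBC_ALGS = {XENC + n for n in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
GCM_ALGS = {XENC11 + n for n in ("aes128-gcm", "aes192-gcm", "aes256-gcm")}

# Constructed sample message (not taken from the page); cipher values are dummies.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Body>
    <xenc:EncryptedData Id="ED-1">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
    <xenc:EncryptedData Id="ED-2">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""

def audit_encrypted_data(soap_xml):
    """Return (Id, algorithm URI, verdict) for every xenc:EncryptedData element."""
    root = ET.fromstring(soap_xml)
    findings = []
    for data in root.iter("{%s}EncryptedData" % XENC):
        method = data.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        if alg in CBC_ALGS:
            verdict = "CBC"          # mode named in the scan finding
        elif alg in GCM_ALGS:
            verdict = "GCM"          # mode the remediation asks for
        elif alg is None:
            verdict = "UNSPECIFIED"  # algorithm agreed out of band; check the endpoint config
        else:
            verdict = "OTHER"
        findings.append((data.get("Id"), alg, verdict))
    return findings

if __name__ == "__main__":
    for ident, alg, verdict in audit_encrypted_data(SAMPLE):
        print(ident, verdict, alg)
```

The verdict reflects only the algorithm a message declares, so a GCM result shows how the endpoint is configured, not that the server is running a patched version.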