I face the same problem. But I'm working on TOMCAT. I believe this is a common mistake from the IT/security department. It shouldn't be security problem. But anyway, as they use some tool to scan, we have no choice to fix it.
I have a solution for tomcat. maybe it should be similar for you JBOSS, hope it helps you.
add following attribute
in the "Connector" element.
This is only work on TOMCAT 5.1.26, but not work on TOMCAT 5.0.30.