diff --git a/CHANGELOG b/CHANGELOG
index 99f134142..ade725055 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Applied patch that corrects an issue where the http-method-tamper
+ script would fail to properly detect JBoss servers vulnerable to the
+ CVE-2010-0738 vulnerability. [Hani Benhabiles]
+
 o [NSE] Added a new httpspider library and the script http-email-harvest
 that collects e-mail addresses by spidering a website. [Patrik]
diff --git a/scripts/http-method-tamper.nse b/scripts/http-method-tamper.nse
index b6e4efc0a..3cc8f785c 100644
--- a/scripts/http-method-tamper.nse
+++ b/scripts/http-method-tamper.nse
@@ -29,7 +29,7 @@ author = "Hani Benhabiles "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"safe", "auth"}
+categories = {"safe", "auth", "vuln"}
 require 'shortport'
 require 'http'
@@ -55,7 +55,10 @@ action = function(host, port)
 -- Checks if HTTP authentication or a redirection to a login page is applied.
 if getstatus == 401 or getstatus == 302 then
 local headstatus = http.head(host, port, path).status
-if headstatus == 200 then
+if headstatus == 500 and path == "/jmx-console/" then
+ -- JBoss authentication bypass.
+ table.insert(result, ("%s: Vulnerable to CVE-2010-0738."):format(path))
+elseif headstatus == 200 then
 -- Vulnerable to authentication bypass.
 table.insert(result, ("%s: Authentication bypass possible"):format(path))
 end
diff --git a/scripts/script.db b/scripts/script.db
index f7ad36e7a..3db987d16 100644
--- a/scripts/script.db
+++ b/scripts/script.db
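Review bot: The new branch on the `+if headstatus == 500 and path == "/jmx-console/"` line reports a definite CVE-2010-0738 finding from a single HTTP 500 on an unauthenticated HEAD, which is weaker evidence than the existing 200 check: any backend error, or a server that simply rejects HEAD on a protected path, produces the same status, so non-JBoss hosts exposing a /jmx-console/ path will be flagged as false positives. It is also inconsistent that the stronger 200 signal keeps the hedged "Authentication bypass possible" wording while the weaker 500 signal gets an unhedged "Vulnerable to CVE-2010-0738.". I would keep the whole HEAD response rather than only its status and corroborate the product before claiming the CVE, e.g. `local headresp = http.head(host, port, path)` followed by `if headresp and headresp.status == 500 and path == "/jmx-console/" and (headresp.header["x-powered-by"] or ""):find("JBoss", 1, true) then`, since JBoss's bundled Tomcat normally advertises itself in that header (confirm against a real target; the `headresp and` guard also avoids indexing a nil response on timeout), or at minimum report it as `"%s: HEAD returned 500, possibly vulnerable to CVE-2010-0738 (JBoss JMX console auth bypass)"`. The exact string comparison will also miss variants such as `/jmx-console` or `/jmx-console/HtmlAdaptor` if the path list, which is outside this hunk, contains them. The enclosing action function starts and ends outside the hunk.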
@@ -105,7 +105,7 @@ Entry { filename = "http-joomla-brute.nse", categories = { "brute", "intrusive",
 Entry { filename = "http-litespeed-sourcecode-download.nse", categories = { "exploit", "intrusive", "vuln", } }
 Entry { filename = "http-majordomo2-dir-traversal.nse", categories = { "exploit", "intrusive", "vuln", } }
 Entry { filename = "http-malware-host.nse", categories = { "malware", "safe", } }
-Entry { filename = "http-method-tamper.nse", categories = { "auth", "safe", } }
+Entry { filename = "http-method-tamper.nse", categories = { "auth", "safe", "vuln", } }
 Entry { filename = "http-methods.nse", categories = { "default", "safe", } }
 Entry { filename = "http-open-proxy.nse", categories = { "default", "discovery", "external", "safe", } }
 Entry { filename = "http-passwd.nse", categories = { "intrusive", "vuln", } }