JolokiaPwn - Information disclosure, DoS and more in Java web servers
How the popular tool Jolokia, commonly deployed in J2EE applications but also commonly misconfigured, can be used to disclose information or execute commands, often without authentication.