My experience of vulnerability disclosure 4 years ago 5 min read Security Talking about my experiences (and frustrations) of trying to responsibly disclose JolokiaPwn.
JolokiaPwn - Information disclosure, DoS and more in Java web servers 4 years ago 7 min read SecurityJMXJolokiaJ2EE How the popular tool Jolokia, commonly deployed in J2EE applications but also commonly misconfigured, can be used to disclose information or execute commands, often without authentication.