Thermostat User Certificate Acquisition Vulnerability

Thermostat is a suite of monitoring instrumentation tools that support monitoring multiple JVM instances in OpenJDK HotSpot virtual machines. Thermostat failed to properly set web.xml file permissions, allowing a local attacker to obtain user credentials by reading the file...

thermostat: local JMX URL disclosure

It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system...