Red Hat Security Advisory 2012-1559-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. A flaw was found in the way Apache CXF verified that XML elements were signed or encrypted by a particular Supporting Token. Apache CXF checked to ensure these elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could use this flaw to transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF.
d5e73eb74d72466bddcd439ae2bba0a2104e4aad9662744fbaf796e820bc8742
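The token-binding flaw described in the advisory summary, as a simplified model added here for illustration. It is not Apache CXF code and uses none of its APIs; the token labels, element names and policy table are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    token_id: str     # constructed identifier
    kind: str         # constructed token label ("A" or "B")
    supporting: bool  # True if presented as a Supporting Token

@dataclass(frozen=True)
class Protection:
    element: str      # name of the protected XML element
    action: str       # "signed" or "encrypted"
    token: Token      # token whose key signed or encrypted the element

# Hypothetical policy: element -> (required action, required token kind)
POLICY = {"Body": ("signed", "A"), "Account": ("encrypted", "A")}

def flawed_violations(protections, policy=POLICY):
    """Models the flaw: any Supporting Token satisfies the requirement."""
    return [el for el, (action, _kind) in policy.items()
            if not any(p.element == el and p.action == action
                       and p.token.supporting
                       for p in protections)]

def strict_violations(protections, policy=POLICY):
    """Also requires that the token the policy names did the protecting."""
    return [el for el, (action, kind) in policy.items()
            if not any(p.element == el and p.action == action
                       and p.token.supporting and p.token.kind == kind
                       for p in protections)]

# Constructed sample messages
TOKEN_A = Token("tok-1", "A", True)
TOKEN_B = Token("tok-2", "B", True)
GOOD = [Protection("Body", "signed", TOKEN_A),
        Protection("Account", "encrypted", TOKEN_A)]
WRONG_TOKEN = [Protection("Body", "signed", TOKEN_B),
               Protection("Account", "encrypted", TOKEN_A)]

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("wrong token", WRONG_TOKEN)):
        print(name, "| flawed:", flawed_violations(msg),
              "| strict:", strict_violations(msg))
```

The flawed check reports no violation for the message whose Body was signed by the wrong Supporting Token, while the strict check flags it.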