Red Hat Security Advisory 2013-0533-01 - Security: JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.
d0d6dd86868163ea86659cbce4e62fa346ab23fec9600a6fe72c27a787121386