wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...