The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1377)