Red Hat Security Advisory 2013-1221-01 – Fuse Message Broker is a messaging platform based on Apache ActiveMQ that provides SOA infrastructure to connect processes across heterogeneous systems. It was found that, by default, the Apache ActiveMQ web console did not require authentication. A remote attacker could use this flaw to modify the state of the Apache ActiveMQ environment, obtain sensitive information, or cause a denial of service. This update delivers a README file which describes how to manually configure an XML properties file to fix this flaw. Back up existing Fuse Message Broker configuration files before making changes…. Red Hat Security Advisory 2013-1221-01 – Fuse Message Broker is a messaging platform based on Apache ActiveMQ that provides SOA infrastructure to connect processes across heterogeneous systems. It was found that, by default, the Apache ActiveMQ web console did not require authentication. A remote attacker could use this flaw to modify the state of the Apache ActiveMQ environment, obtain sensitive information, or cause a denial of service. This update delivers a README file which describes how to manually configure an XML properties file to fix this flaw. Back up existing Fuse Message Broker configuration files before making changes.

Read more http://packetstormsecurity.com/files/123141/RHSA-2013-1221-01.txt