Debian Linux Security Advisory 3679-1 - Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites.
0f5a893138b1cd78069b3dd03323499db2c569a7b00c3e203e1abf84f2e14e43