CVE-2012-2380 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html