Vulnerabilities > CVE-2014-9301 - Unspecified vulnerability in Alfresco 4.2.F
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN alfresco
exploit available
Summary
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Alfresco /proxy endpoint Parameter Server Side Request Forgery (SSRF). CVE-2014-9301. Remote exploits for multiple platform |
| id | EDB-ID:39258 |
| last seen | 2016-02-04 |
| modified | 2014-07-16 |
| published | 2014-07-16 |
| reporter | V. Paulikas |
| source | https://www.exploit-db.com/download/39258/ |
| title | Alfresco /proxy endpoint Parameter Server Side Request Forgery SSRF |
References
- http://seclists.org/bugtraq/2014/Jul/72
- http://seclists.org/bugtraq/2014/Jul/72
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt