CVE-2014-9301 - Remote Security vulnerability in Alfresco 4.2.F

CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, alfresco, exploit available

Summary

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. CWE-918: Server-Side Request Forgery (SSRF) (http://cwe.mitre.org/data/definitions/918.html)

Vulnerable Configurations

Part         Description  Count
Application  Alfresco     1

Exploit-Db

description: Alfresco /proxy endpoint Parameter Server Side Request Forgery (SSRF). CVE-2014-9301. Remote exploits for multiple platform
id: EDB-ID:39258
last seen: 2016-02-04
modified: 2014-07-16
published: 2014-07-16
reporter: V. Paulikas
source: https://www.exploit-db.com/download/39258/
title: Alfresco /proxy endpoint Parameter Server Side Request Forgery SSRF