Vulnerabilities > CVE-2014-9301 - Remote Security vulnerability in Alfresco 4.2.F
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. <a href="http://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Alfresco /proxy endpoint Parameter Server Side Request Forgery (SSRF). CVE-2014-9301. Remote exploits for multiple platform |
id | EDB-ID:39258 |
last seen | 2016-02-04 |
modified | 2014-07-16 |
published | 2014-07-16 |
reporter | V. Paulikas |
source | https://www.exploit-db.com/download/39258/ |
title | Alfresco /proxy endpoint Parameter Server Side Request Forgery SSRF |