CVE-2014-9302 - Remote Security vulnerability in Community Edition

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, alfresco, exploit available

Summary

Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

CWE-918: Server-Side Request Forgery (SSRF) (http://cwe.mitre.org/data/definitions/918.html)

Vulnerable Configurations

Part         Description  Count
Application  Alfresco     1

Exploit-Db

description: Alfresco /cmisbrowser url Parameter Server Side Request Forgery (SSRF). CVE-2014-9302. Remote exploits for multiple platform
id: EDB-ID:39259
last seen: 2016-02-04
modified: 2014-07-16
published: 2014-07-16
reporter: V. Paulikas
source: https://www.exploit-db.com/download/39259/
title: Alfresco /cmisbrowser url Parameter Server Side Request Forgery SSRF