ID CVE-2014-9301
Summary Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. CWE-918: Server-Side Request Forgery (SSRF) (http://cwe.mitre.org/data/definitions/918.html)
References
Vulnerable Configurations
  • cpe:2.3:a:alfresco:alfresco:4.2.f:*:*:*:community:*:*:*
CVSS
Base: 6.4 (as of 17-02-2015 - 15:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bugtraq 20140716 SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition
misc https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt
Last major update 17-02-2015 - 15:29
Published 07-12-2014 - 21:59
Last modified 17-02-2015 - 15:29