← back
CVE-2014-9301

CVE-2014-9301

EPSS 4.0%
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
Affected products
n/a · n/a
public PoCs found2
githubgithub.com/ottimo/burp-alfresco-referer-proxy-cve-2014-93010exploitdbwww.exploit-db.com/exploits/39258unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2014/Jul/72https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt