CVE Vulnerabilities

CVE-2014-9301

Published: Dec 07, 2014 | Modified: Feb 17, 2015
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

Affected Software

Name Vendor Start Version End Version
Alfresco Alfresco * 4.2.f (including)

References