CVE-2014-9302 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-9302

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

Affected Software

Name	Vendor	Start Version	End Version
Community_edition	Alfresco	*	5.0.a (including)

References

http://seclists.org/bugtraq/2014/Jul/72
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt