Lucene search
HistoryDec 07, 2014 - 9:59 p.m.
CVE-2014-9301
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.03
Percentile
91.1%
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
Affected configurations
Node
alfrescoalfrescoRange≤4.2.fcommunity
Related
cvelist
cvelist
CVE-2014-9301
2014-12-07 21:00:00
exploitdb
exploitdb
Alfresco - '/proxy?endpoint' Server-Side Request Forgery
2014-07-16 00:00:00
attackerkb
attackerkb
CVE-2014-9301
2014-12-07 00:00:00
prion
prion
Server side request forgery (ssrf)
2014-12-07 21:59:00
cve
cve
CVE-2014-9301
2014-12-07 21:59:02
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.03
Percentile
91.1%
Related for NVD:CVE-2014-9301