Description
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by V. Paulikas · text · remote · multiple
https://www.exploit-db.com/exploits/39258
nomisec
WORKING POC
by ottimo · poc
https://github.com/ottimo/burp-alfresco-referer-proxy-cve-2014-9301
References (2)
Core References
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Jul/72
Scores
EPSS
0.0421
EPSS Percentile
88.8%
Details
Status
published
Products (1)
alfresco/alfresco
< 4.2.f
Published
Dec 07, 2014
Tracked Since
Feb 18, 2026