CVE-2014-9301

Alfresco Community Edition <5.0.a - SSRF


Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-9301. PoCs published by V. Paulikas, ottimo.

AI-analyzed exploit summary: The provided text describes an SSRF vulnerability in Alfresco Community Edition, where an attacker can exploit the proxy endpoint to access internal systems. It includes a sample request demonstrating the vulnerability but lacks executable exploit code.

Description

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by V. Paulikas · text · remote · multiple
https://www.exploit-db.com/exploits/39258

Classification: Writeup 80%
Attack Type: SSRF
Complexity: Trivial
Reliability: Theoretical
Target: Alfresco Community Edition 4.2.f and earlier
No auth needed
Prerequisites: Network access to the vulnerable Alfresco instance
mistral-large-3 · analyzed Feb 16, 2026

nomisec WORKING POC
by ottimo · poc
https://github.com/ottimo/burp-alfresco-referer-proxy-cve-2014-9301

This is a Burp Suite extension written in Ruby that exploits CVE-2014-9301 by manipulating HTTP requests to bypass Alfresco's Referer header checks. It intercepts and modifies requests to redirect traffic, potentially allowing unauthorized access.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Alfresco Community Edition
No auth needed
Prerequisites: Burp Suite · Network access to target Alfresco instance
mistral-large-3 · analyzed Feb 16, 2026

Scores

EPSS 0.0405
EPSS Percentile 89.4%

Details

Status published
Products (1)
alfresco/alfresco < 4.2.f
Published Dec 07, 2014
Tracked Since Feb 18, 2026