CVE-2014-9302

Alfresco Community Edition < 5.0.a - Server-Side Request Forgery via CMIS Browser Servlet URL Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9302. PoCs published by V. Paulikas.

AI-analyzed exploit summary: The provided text describes an SSRF vulnerability in Alfresco Community Edition, where an attacker can exploit the proxy endpoint to access internal systems. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Description

Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by V. Paulikas · text · remote · multiple
https://www.exploit-db.com/exploits/39259

Classification: Writeup 80%
Attack Type: SSRF
Complexity: Trivial
Reliability: Theoretical
Target: Alfresco Community Edition 4.2.f and earlier
No auth needed
Prerequisites: Network access to the vulnerable Alfresco instance
mistral-large-3 · analyzed Feb 16, 2026

Scores

EPSS 0.0201
EPSS Percentile 78.5%

Details

Status: published
Products (1): alfresco/community_edition < 5.0.a
Published: Dec 07, 2014
Tracked Since: Feb 18, 2026