Attacker Value
Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-9301

Disclosure Date: December 07, 2014
CVE-2014-9301
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very High
Easy to weaponizeUnauthenticatedVulnerable in default configurationNo useful access
Technical Analysis

despite the age of this vuln, we still find vulnerable Alfresco, therefore it’s worth a quick assessment to me.

having tried to exploit /proxy?endpoint i think there is no known way to execute a “useful” attack.

endpoint parameter can be abused to only do GET, so to achieve a write against an internal endpoint you should first have to find something that accepts modification using GET. possible, but uncommon.
HTML for the requested endpoint will be sent back to the attacker, and this could be a useful information, but mostly info disclosure. again depends on what’s in internal network, still possible but uncommon to find really juicy stuff.

plus, if my skills in reading java code are good enough, a quick code review in source code revealed that just http and https protocols are supported by calling Classe. no file:// or something can be used to achieve, say, LFI.

still useful to map internal network or dirty other servers’ log, and to collect information, but this vuln has a quite limited value to me.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • alfresco

Products

  • alfresco

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis