CVE-2014-9301

Name of the Vulnerable Software and Affected Versions Alfresco Community Edition versions prior to 5.0.a

Description A server-side request forgery (SSRF) issue exists, allowing remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

Recommendations For versions prior to 5.0.a, update to version 5.0.a or later to resolve the issue. As a temporary workaround, consider restricting access to the proxy servlet to minimize the risk of exploitation. Avoid using the endpoint parameter in the affected API endpoint until the issue is resolved.