- Description
- Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
- Comment
- <a href="http://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>
- Impact
- -
- Solution
- -
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54C6EE0C-7CC6-493A-B2ED-CF63CD017D53",
"versionEndIncluding": "4.2.f"
}
],
"operator": "OR"
}
]
}
]