Alfresco vulnerability - how to fix the problem?

benjamindupont
Champ in-the-making
Hi,
I'm currently using Alfresco CE 4.2.f, and I saw there is a vulnerability in this version:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9300
http://seclists.org/bugtraq/2014/Jul/72
My data is sensitive, and I want to prevent a disclosure. Do you have an idea how to fix or avoid this problem?

According to this article, the proxy servlet is affected by this vulnerability. Is it possible to disable this function? If yes, do you know how? If not, what can you advise?

For information, moving to the latest Alfresco 5.0 version is not an option.

Thanks!

Best regards
11 REPLIES

Hi Axel,
Thanks for your clarifications about CMIS! Could you just tell us (if you know, of course!) whether this threat concerns only a server which is placed with other servers (intranet) or not?
Thanks!

afaust
Legendary Innovator
The threat concerns any server in a networked environment. Only if the Alfresco server in question would be prevented from making any outbound HTTP(S) connection attempts would you avoid the "network / port scan" part of the vulnerability. And technically you can't restrict the file-level access to a level where you aren't still affected by the "file scan" part of the vulnerability.
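
One way to enforce the "no outbound HTTP(S) connection attempts" condition from the reply above on a Linux host is a per-account egress allow-list. This is an added example, not something posted by the thread participants or shipped with Alfresco; the service account `tomcat`, the chain name and the two destination addresses are assumptions, given as IP:port over TCP. It does not address the "file scan" part described in the reply.

```shell
#!/bin/sh
# Added example: egress allow-list for the account that runs Alfresco's Tomcat.
# Assumed (not from the thread): account "tomcat", database at 10.0.0.5:5432,
# LDAP at 10.0.0.6:636. These are constructed sample values; use your own.
SVC_USER="${SVC_USER:-tomcat}"
ALLOW="${ALLOW:-10.0.0.5:5432 10.0.0.6:636}"

# Print the iptables commands, one per line, without touching the firewall.
egress_rules() {
    user=$1; shift
    chain=ALFRESCO_EGRESS
    echo "iptables -N $chain"
    # Only packets created by the service account enter the chain.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j $chain"
    # Replies on connections that clients opened to Alfresco must still leave.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # Loopback stays open for components on the same host; services bound to
    # localhost therefore remain reachable and need their own access control.
    echo "iptables -A $chain -o lo -j RETURN"
    for dest in "$@"; do
        host=${dest%:*}; port=${dest##*:}
        case $port in
            ''|*[!0-9]*) echo "bad destination: $dest" >&2; return 1 ;;
        esac
        echo "iptables -A $chain -p tcp -d $host --dport $port -j RETURN"
    done
    # Everything else the account tries to reach is logged, then refused.
    echo "iptables -A $chain -j LOG --log-prefix alfresco-egress-drop:"
    echo "iptables -A $chain -j REJECT"
}

# Apply only when asked to and only as root; otherwise print for review.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    egress_rules "$SVC_USER" $ALLOW | sh -e
else
    egress_rules "$SVC_USER" $ALLOW
fi
```

The logged rejects double as a detection signal: entries with the `alfresco-egress-drop:` prefix show the service account attempting connections outside its allow-list.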