CVE-2009-10005
published 2025-08-20CVE-2009-10005: ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing…
PriorityP264high8.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.72%
49.3th percentile
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contentkeeper_technologies | web_appliance | < 125.10 | 125.10 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated POST requests to /cgi-bin/ck/mimencode, particularly those containing path traversal sequences or parameters specifying output file paths, which indicate exploitation of the mimencode file disclosure vulnerability. ↗
- →Alert on any HTTP request targeting the mimencode CGI endpoint on ContentKeeper Web Appliances (versions prior to 125.10) from unauthenticated sources, as the binary is exposed without authentication controls. ↗
- →The Metasploit auxiliary module `auxiliary/admin/http/contentkeeper_fileaccess` can be used to test for this vulnerability; presence of this module in attacker tooling or logs referencing it may indicate active exploitation attempts. ↗
- ·Exploitation requires no authentication; there is no credential-based barrier to reaching the vulnerable CGI endpoint, meaning network-level access controls are the primary mitigation layer. ↗
- ·The vulnerability affects ContentKeeper Web Appliance versions strictly prior to 125.10; detections and mitigations should be scoped to appliances running older firmware. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.aushack.com/200904-contentkeeper.txthttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rbhttps://web.archive.org/web/20100325220542/http://www.contentkeeper.com/https://www.exploit-db.com/exploits/16923https://www.vulncheck.com/advisories/contentkeeper-web-appliance-arbitrary-file-access-via-mimencode
2025-08-20
Published