CVE-2009-10005

HIGH

ContentKeeper Web Appliance <125.10 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-10005. PoCs were published by Metasploit and aushack, including the Metasploit module auxiliary/admin/http/contentkeeper_fileaccess.

AI-analyzed exploit summary: This Metasploit module exploits a combination of vulnerabilities in ContentKeeper Web Appliance to achieve remote command execution as the Apache user, with potential privilege escalation to root via an insecure PATH call in a setuid binary.

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · hardware
https://www.exploit-db.com/exploits/16923

This Metasploit module exploits a combination of vulnerabilities in ContentKeeper Web Appliance to achieve remote command execution as the Apache user, with potential privilege escalation to root via an insecure PATH call in a setuid binary.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ContentKeeper Web Appliance versions prior to 125.10
No auth needed
Prerequisites: Network access to the target's web interface · Target running a vulnerable version of ContentKeeper Web Appliance
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by aushack · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/contentkeeper_fileaccess.rb

This Metasploit module exploits a file access vulnerability in ContentKeeper Web Appliance by abusing the 'mimencode' binary to retrieve arbitrary files outside the webroot via directory traversal. It sends a crafted POST request to encode the target file and then retrieves it via a GET request.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ContentKeeper Web Appliance (version not specified)
No auth needed
Prerequisites: Network access to the ContentKeeper Web Appliance · The 'mimencode' binary must be accessible at the specified URI
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4 8.7
EPSS 0.5241
EPSS Percentile 98.0%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-552
Status: published
Products (1): ContentKeeper Technologies/Web Appliance < 125.10
Published: Aug 20, 2025
Tracked Since: Feb 18, 2026