CVE-2009-20011

ContentKeeper Web Appliance < 125.10 RCE via mimencode

CVSS 10 CRITICALEPSS 1.3%CWE-434 CWE-78

Vexday Risk Score

63High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 10EPSS 1.3%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado

Lifecycle

25 Feb 2009Metasploit module available

30 Aug 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

ContentKeeper Technologies · ContentKeeper Web Appliance

public PoCs found — 2

cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/contentkeeperweb_mimencode.rbunverified cve_referencewww.aushack.com/200904-contentkeeper.txtunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/contentkeeperweb_mimencode.rb https://web.archive.org/web/20081220084819/http://www.contentkeeper.com/https://www.ativion.com/contentkeeper/https://www.vulncheck.com/advisories/contentkeeper-web-appliance-rce-via-mimencode http://www.aushack.com/200904-contentkeeper.txt