CVE-2009-10005
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-08-22

Assigner: VulnCheck

Description
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-08-22
Generated
2026-05-07
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2009-10005
EUVD
EUVD-2009-5116
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
contentkeeper contentkeeper_web *
contentkeeper contentkeeper_web_appliance *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in ContentKeeper Web Appliance versions prior to 125.10, where the mimencode binary is exposed via a CGI endpoint. Unauthenticated attackers can send a crafted POST request to /cgi-bin/ck/mimencode with traversal and output parameters to retrieve arbitrary files from the filesystem, including sensitive files like /etc/passwd, which are outside the webroot.


How can this vulnerability impact me? :

The vulnerability allows unauthenticated attackers to read arbitrary files on the server, potentially exposing sensitive information such as user credentials or system configuration files. This can lead to information disclosure, which may facilitate further attacks or compromise of the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart