CVE-2009-20011

UNKNOWN

Published Unknown

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2009-20011. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

contentkeeper technologies

contentkeeper web appliance

ENISA Scoring

CVSS Score (4.0)

10.0

/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

0.850

probability

ENISA References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/http/contentkeeperweb_mimencode.rb

http://www.aushack.com/200904-contentkeeper.txt

https://www.ativion.com/contentkeeper/

https://web.archive.org/web/20081220084819/http://www.contentkeeper.com/

https://www.vulncheck.com/advisories/contentkeeper-web-appliance-rce-via-mimencode

Data provided by ENISA EU Vulnerability Database. Last updated: September 2, 2025

Published: Unknown

Last Modified: Unknown

Copied to clipboard!