CVE-1999-0267

NCSA HTTP daemon v1.3 - Remote Command Execution via Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0267. PoCs published by savage, Xtremist.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in NCSA HTTPd 1.3 by sending a crafted GET request with an overly long username field containing shellcode. The shellcode spawns a reverse shell, allowing remote code execution with the privileges of the web server process.

Description

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by savage · cremotelinux

https://www.exploit-db.com/exploits/21049

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in NCSA HTTPd 1.3 by sending a crafted GET request with an overly long username field containing shellcode. The shellcode spawns a reverse shell, allowing remote code execution with the privileges of the web server process.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NCSA HTTPd 1.3 and earlier

No auth needed

Prerequisites: Network access to the target server · NCSA HTTPd 1.3 or earlier running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Xtremist · cremotelinux

https://www.exploit-db.com/exploits/21050

View Code ZIP pw:eip

This exploit targets a buffer overflow in NCSA HTTPd 1.3 via the username field, allowing remote code execution with webserver privileges. It uses shellcode to spawn a shell and adjusts the return address via an offset.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NCSA HTTPd 1.3 and earlier

No auth needed

Prerequisites: Network access to the target web server · NCSA HTTPd 1.3 or earlier running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0267

Scores

EPSS 0.1024

EPSS Percentile 95.1%

Details

Status published

Products (1)

ncsa/ncsa_httpd 1.3

Published Sep 23, 1997

Tracked Since Feb 18, 2026