CVE-1999-0947

an-httpd - Remote Command Execution via Example CGI Scripts

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0947. PoCs published by UNYUN.

AI-analyzed exploit summary This exploit targets a vulnerability in AN-HTTPd server's default CGI scripts, allowing remote code execution due to insufficient input validation. The PoC demonstrates command injection via a crafted HTTP request.

Description

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by UNYUN · textremotewindows
https://www.exploit-db.com/exploits/19587

This exploit targets a vulnerability in AN-HTTPd server's default CGI scripts, allowing remote code execution due to insufficient input validation. The PoC demonstrates command injection via a crafted HTTP request.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: AN-HTTPd server (versions with vulnerable default CGI scripts)
No auth needed
Prerequisites: AN-HTTPd server with vulnerable default CGI scripts enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94157187815629&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/762

Scores

EPSS 0.0316
EPSS Percentile 86.3%

Details

Status published
Products (1)
an/an-httpd 1.2b
Published Nov 02, 1999
Tracked Since Feb 18, 2026