CVE-2001-0820

GazTek ghttpd 1.4 - Remote Code Execution via Long Arguments


Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0820. PoCs published by flea.

AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in GazTek HTTP Daemon v1.4 by sending a maliciously crafted GET request with an excessive argument length. It includes shellcode for a bind shell on port 36864 and supports multiple architectures (RedHat 7.2/7.3, Slackware 8.1).

Description

Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.

Exploits (2)

exploitdb WORKING POC VERIFIED
by flea · c · remote · linux
https://www.exploit-db.com/exploits/21937

This exploit targets a stack-based buffer overflow in GazTek HTTP Daemon v1.4 by sending a maliciously crafted GET request with an excessive argument length. It includes shellcode for a bind shell on port 36864 and supports multiple architectures (RedHat 7.2/7.3, Slackware 8.1).

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GazTek HTTP Daemon v1.4
No auth needed
Prerequisites: Network access to the target server · Target running GazTek HTTP Daemon v1.4 on a vulnerable architecture
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
c · remote · linux
https://www.exploit-db.com/exploits/20929

This exploit targets a buffer overflow vulnerability in GazTek HTTP Daemon v1.4 (ghttpd) on Linux x86 systems. It crafts a malicious HTTP GET request with shellcode to achieve remote code execution, spawning a shell with the privileges of the webserver (typically 'nobody').

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: GazTek HTTP Daemon v1.4 (ghttpd)
No auth needed
Prerequisites: Network access to the target server · Target running GazTek HTTP Daemon v1.4 on Linux x86
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2879
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2965
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99279182704674&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6702
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=99406263214417&w=2

Scores

EPSS 0.3129
EPSS Percentile 96.9%

Details

Status published
Products (1)
gaztek/ghttp 1.4
Published Dec 06, 2001
Tracked Since Feb 18, 2026