CVE-2001-1067

AOLserver 3.0 - Buffer Overflow via HTTP Authorization Header

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-1067. PoCs published by qitest1, Nate Haggard.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in AOLserver's ParseAuth() function by sending a maliciously crafted HTTP request with an oversized password field. It attempts to execute arbitrary shellcode (a bindshell on port 30464) by overwriting the stack frame pointer and return address.

Description

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by qitest1 · c · remote · unix
https://www.exploit-db.com/exploits/21089

This exploit targets a buffer overflow vulnerability in AOLserver's ParseAuth() function by sending a maliciously crafted HTTP request with an oversized password field. It attempts to execute arbitrary shellcode (a bindshell on port 30464) by overwriting the stack frame pointer and return address.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: AOLserver version 3.2 and prior
No auth needed
Prerequisites: Network access to the target AOLserver · AOLserver running on a vulnerable version
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by Nate Haggard · perl · remote · unix
https://www.exploit-db.com/exploits/21088

This exploit targets a buffer overflow vulnerability in AOLserver 3.0 by sending a maliciously crafted HTTP request with an oversized Authorization header. The PoC demonstrates a denial-of-service (DoS) condition by crashing the server, though it could potentially be adapted for remote code execution (RCE).

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: AOLserver 3.0
No auth needed
Prerequisites: Network access to the target server · AOLserver 3.0 running on port 80
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3230
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7030
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/213041

Scores

EPSS 0.1611
EPSS Percentile 96.5%

Details

Status published
Products (2)
aol/aol_server 3.0
aol/aol_server 3.2
Published Aug 31, 2001
Tracked Since Feb 18, 2026