CVE-2002-0289

Phusion Web Server 1.0 - Buffer Overflow via Long HTTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-0289. PoCs published by Alex Hernandez, alt3kx.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Phusion Webserver v1.0 for Windows NT. It sends an overly long HTTP GET request containing NOP sleds and shellcode to achieve remote code execution.

Description

Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Alex Hernandez · cremotewindows
https://www.exploit-db.com/exploits/21294

This exploit targets a buffer overflow vulnerability in Phusion Webserver v1.0 for Windows NT. It sends an overly long HTTP GET request containing NOP sleds and shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Phusion Webserver v1.0
No auth needed
Prerequisites: Network access to the target server · Phusion Webserver v1.0 running on Windows NT
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Alex Hernandez · perldoswindows
https://www.exploit-db.com/exploits/21293

This Perl script exploits a buffer overflow vulnerability in Phusion Webserver v1.0 by sending an excessively long HTTP GET request (3000+ bytes), causing the server to crash. The exploit targets a DoS condition via a malformed request to the CGI path.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Phusion Webserver v1.0
No auth needed
Prerequisites: Network access to the target server · Phusion Webserver v1.0 running on Windows
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by alt3kx · poc
https://github.com/alt3kx/CVE-2002-0289

The repository contains only a README with references to Exploit-DB entries for CVE-2002-0289 but no actual exploit code or technical details. It mentions a buffer overflow and DoS vulnerability in Phusion WebServer 1.0 but lacks implementation.

Classification
Stub 90%
Attack Type
Dos
Complexity
Theoretical
Reliability
Theoretical
Target: Phusion WebServer 1.0
No auth needed
Prerequisites: Network access to Phusion WebServer 1.0
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101408906001958&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4119
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4118

Scores

EPSS 0.1300
EPSS Percentile 95.8%

Details

Status published
Products (1)
bbshareware.com/phusion_webserver 1.0
Published May 31, 2002
Tracked Since Feb 18, 2026