CVE-2002-1120

Savant Web Server < 3.1 - Remote Code Execution via Long HTTP GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2002-1120. PoCs published by Metasploit, DouBle_Zer0, Jacopo Cervini, including Metasploit module exploits/windows/http/savant_31_overflow.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Savant 3.1 Web Server via a malformed HTTP method. It includes a custom NOP sled generator to bypass character restrictions and targets multiple Windows versions.

Description

Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16770

This is a Metasploit module exploiting a stack buffer overflow in Savant 3.1 Web Server via a malformed HTTP method. It includes a custom NOP sled generator to bypass character restrictions and targets multiple Windows versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Savant Web Server 3.1
No auth needed
Prerequisites: Network access to Savant 3.1 web server · Target system running a vulnerable Windows version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by DouBle_Zer0 · pythonremotewindows
https://www.exploit-db.com/exploits/10434

This exploit targets a buffer overflow vulnerability in Savant Web Server 3.1, delivering a reverse shell payload (calc.exe) via a crafted HTTP request. The exploit uses a known return address (0x00401D09) and NOP sleds to achieve reliable code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Savant Web Server 3.1
No auth needed
Prerequisites: Network access to the target server · Savant Web Server 3.1 running on Windows XP SP2/SP3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Jacopo Cervini · perlremotewindows
https://www.exploit-db.com/exploits/4280

This exploit targets a buffer overflow vulnerability in Savant Web Server 3.1. It sends a malicious GET request with shellcode to bind a shell on port 4444, achieving remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Savant Web Server 3.1
No auth needed
Prerequisites: Network access to the target server · Savant Web Server 3.1 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by basher13 · perlremotewindows
https://www.exploit-db.com/exploits/1184

This Perl script exploits a buffer overflow vulnerability in Savant web server by sending a maliciously crafted HTTP GET request followed by shellcode to achieve remote code execution. It targets Windows 2000 SP4 and Windows XP SP1 systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Savant web server (version not specified)
No auth needed
Prerequisites: Network access to the target Savant server · Target running Windows 2000 SP4 or Windows XP SP1
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by TheMalwareGuardian · poc
https://github.com/TheMalwareGuardian/CVE-2002-1120

This repository contains a functional exploit for CVE-2002-1120, a stack-based buffer overflow in Savant Web Server 3.1. It includes multiple Python scripts demonstrating the exploitation process, from crash triggering to EIP control and shellcode execution using an egghunter technique.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Savant Web Server 3.1
No auth needed
Prerequisites: Network access to the target server · Python environment for running exploit scripts
devstral-2 · analyzed Mar 24, 2026 Full analysis →
metasploit WORKING POC GREAT
by aushack · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/savant_31_overflow.rb

This Metasploit module exploits a stack buffer overflow in Savant 3.1 Web Server by sending a maliciously crafted HTTP request. The exploit leverages a vulnerable HTTP method field to overwrite the return address and execute arbitrary code.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Savant Web Server 3.1
No auth needed
Prerequisites: Network access to the target server · Savant 3.1 Web Server running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10076.php
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5686
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/16770/
Patch, Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html

Scores

EPSS 0.6736
EPSS Percentile 99.2%

Details

Status published
Products (1)
savant/savant_web_server < 3.1
Published Sep 24, 2002
Tracked Since Feb 18, 2026