CVE-2002-1930

AN HTTPd 1.38-1.4.1c - Remote Code Execution via SOCKS4 Username Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1930. PoCs published by Kanatoko.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in AN HTTPD 1.41c when handling SOCKS4 requests with overly long usernames. It sends a crafted SOCKS4 request with a long username followed by shellcode to achieve remote code execution.

Description

Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kanatoko · javaremotewindows

https://www.exploit-db.com/exploits/21955

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in AN HTTPD 1.41c when handling SOCKS4 requests with overly long usernames. It sends a crafted SOCKS4 request with a long username followed by shellcode to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AN HTTPD 1.41c

No auth needed

Prerequisites: Network access to the target SOCKS4 server (port 1080) · AN HTTPD 1.41c running as a SOCKS4 server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0032.html

Patch vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10410.php

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6012

Scores

EPSS 0.0546

EPSS Percentile 91.7%

Details

Status published

Products (6)

an/an-httpd 1.38

an/an-httpd 1.39

an/an-httpd 1.40

an/an-httpd 1.41

an/an-httpd 1.41b

an/an-httpd 1.41c

Published Dec 31, 2002

Tracked Since Feb 18, 2026