CVE-2003-0899

CRITICAL

thttpd 2.21-2.23b1 - Remote Code Execution via Defang Buffer Overflow


Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0899. PoCs published by d3ck4, Joel Soderberg.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in thttpd's defang() function by sending a maliciously crafted HTTP GET request with an overly long path. The exploit is designed to cause a denial-of-service (DoS) by crashing the thttpd daemon.

Description

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

Exploits (2)

exploitdb WORKING POC VERIFIED
by d3ck4 · c · remote · linux
https://www.exploit-db.com/exploits/23306

This exploit targets a buffer overflow vulnerability in thttpd's defang() function by sending a maliciously crafted HTTP GET request with an overly long path. The exploit is designed to cause a denial-of-service (DoS) by crashing the thttpd daemon.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: thttpd versions 2.21 to 2.23b1
No auth needed
Prerequisites: Network access to the target thttpd server
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by Joel Soderberg · c · dos · linux
https://www.exploit-db.com/exploits/23305

The code is a snippet of the vulnerable `defang()` function from thttpd, which lacks bounds checking and can lead to a buffer overflow. It does not contain an exploit but explains the vulnerability.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: thttpd versions 2.21 to 2.23b1
No auth needed
Prerequisites: Network access to the vulnerable thttpd server
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8906
Broken Link vendor-advisory x_refsource_debian
https://www.debian.org/security/2003/dsa-396
Broken Link, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10092
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/2729
Broken Link, URL Repurposed x_refsource_misc
http://www.texonet.com/advisories/TEXONET-20030908.txt
Exploit, Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106729188224252&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13530

Scores

CVSS v3 9.8
EPSS 0.2046
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-131
Status published
Products (2)
acme/thttpd 2.23 (2 CPE variants)
acme/thttpd 2.21 - 2.23
Published Nov 03, 2003
Tracked Since Feb 18, 2026