CVE-2005-1087

AN HTTPD Server 1.42n - CRLF Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1087. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit demonstrates a log injection vulnerability in AN HTTPD 1.42n, allowing arbitrary content injection into log files. It can be used to conceal attacks, execute BAT file commands, or aid in exploiting a remote buffer overflow vulnerability.

Description

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tan Chew Keong · textremotewindows
https://www.exploit-db.com/exploits/25365

This exploit demonstrates a log injection vulnerability in AN HTTPD 1.42n, allowing arbitrary content injection into log files. It can be used to conceal attacks, execute BAT file commands, or aid in exploiting a remote buffer overflow vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: AN HTTPD 1.42n
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/15362
Vendor Advisory x_refsource_misc
http://www.security.org.sg/vuln/anhttpd142n.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14861
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20031
Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013666

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

Status published
Products (1)
an/an-httpd 1.42n
Published Apr 07, 2005
Tracked Since Feb 18, 2026