CVE-2005-1344

Apache 2.0.52 - Buffer Overflow

Title source: llm

Description

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Exploits (2)

exploitdb WORKING POC VERIFIED

by K-sPecial · cremoteunix

https://www.exploit-db.com/exploits/25625

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Luca Ercoli · cremoteunix

https://www.exploit-db.com/exploits/25624

View Code ZIP pw:eip

References (7)

[Mailing List] http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

[Mailing List] http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

[Mailing List] http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

[Exploit] http://www.lucaercoli.it/advs/htdigest.txt

[Exploit] http://www.osvdb.org/12848

[Exploit] http://www.securiteam.com/unixfocus/5EP061FEKC.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13537

Scores

EPSS 0.1289

EPSS Percentile 94.1%

Details

Status published

Products (1)

apache/http_server 2.0.52

Published May 02, 2005

Tracked Since Feb 18, 2026