CVE-2005-1344

Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1344. PoCs published by K-sPecial, Luca Ercoli.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in the htdigest utility of Apache by supplying an overly long realm value. It includes shellcode for a reverse shell connection to a specified IP and port, demonstrating remote code execution (RCE) in the context of the web server process.

Description

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Exploits (2)

exploitdb WORKING POC VERIFIED
by K-sPecial · c · remote · unix
https://www.exploit-db.com/exploits/25625

This exploit targets a buffer overflow vulnerability in the htdigest utility of Apache by supplying an overly long realm value. It includes shellcode for a reverse shell connection to a specified IP and port, demonstrating remote code execution (RCE) in the context of the web server process.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache htdigest (versions <= 1.3.27 and <= 2.0.52)
No auth needed
Prerequisites: Access to execute htdigest with crafted input · Network connectivity to the specified IP and port for the reverse shell
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Luca Ercoli · c · remote · unix
https://www.exploit-db.com/exploits/25624

This exploit targets a buffer overflow vulnerability in the htdigest utility of Apache. It crafts a malicious input to overflow the buffer, redirecting execution to shellcode that spawns a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache htdigest (versions affected by CVE-2005-1344)
No auth needed
Prerequisites: Access to execute htdigest with crafted input · Target system with vulnerable Apache version
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/12848
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13537

Scores

EPSS 0.2910
EPSS Percentile 97.9%

Details

Status published
Products (1)
apache/http_server 2.0.52
Published May 02, 2005
Tracked Since Feb 18, 2026