CVE-2013-5019

Ultra Mini HTTPD 1.21 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2013-5019. PoCs published by jollymongrel, OJ Reeves, Sumit, including Metasploit module exploits/windows/http/ultraminihttp_bof.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Ultra MiniHTTPd 1.2 via a maliciously crafted HTTP GET request. It uses a combination of shellcode, an egg hunter, and a return address to achieve remote code execution (RCE) by spawning calc.exe.

Description

Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.

Exploits (6)

exploitdb WORKING POC VERIFIED
by jollymongrel · pythonlocalwindows_x86
https://www.exploit-db.com/exploits/44472

This exploit targets a stack buffer overflow in Ultra MiniHTTPd 1.2 via a maliciously crafted HTTP GET request. It uses a combination of shellcode, an egg hunter, and a return address to achieve remote code execution (RCE) by spawning calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ultra MiniHTTPd 1.2
No auth needed
Prerequisites: Network access to the target server · Target running Ultra MiniHTTPd 1.2 on Windows 7 32-bit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by OJ Reeves · pythonremotewindows
https://www.exploit-db.com/exploits/31814

This exploit targets a stack buffer overflow in Mini HTTPD 1.21 via a maliciously crafted POST request. It uses a multi-stage payload to allocate memory, spawn a new thread for shellcode execution, and suspend the current thread to stabilize exploitation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mini HTTPD 1.21
No auth needed
Prerequisites: Metasploit with msfencode installed · Target running Mini HTTPD 1.21 on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Sumit · pythonremotewindows
https://www.exploit-db.com/exploits/31736

This exploit triggers a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a maliciously crafted POST request with an overly long URL. It leverages a JMP ESP instruction from user.dll to redirect execution to a shellcode payload that binds a shell to a TCP port.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ultra Mini HTTPD 1.21
No auth needed
Prerequisites: Network access to the target HTTPD server · Target running Windows XP Professional SP3 with Ultra Mini HTTPD 1.21
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/27608

This Metasploit module exploits a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a long resource name in an HTTP GET request, allowing remote code execution. It uses a known return address from msvcrt.dll to redirect execution to the payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ultra Mini HTTPD 1.21
No auth needed
Prerequisites: Network access to the target server · Target running Ultra Mini HTTPD 1.21 on Windows XP SP3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by superkojiman · pythonremotewindows
https://www.exploit-db.com/exploits/26739

This exploit targets a stack buffer overflow in Ultra Mini HTTPD 1.21 by sending an overly long HTTP GET request. The payload includes a shellcode that binds a shell to a TCP port, leveraging a JMP ESP instruction from ntdll.dll.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ultra Mini HTTPD 1.21
No auth needed
Prerequisites: Network access to the target server · Target running Ultra Mini HTTPD 1.21 on Windows XP SP2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by superkojiman · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ultraminihttp_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Ultra Mini HTTPD 1.21 via a long HTTP resource name, executing arbitrary code by leveraging VirtualAlloc and CreateThread to maintain persistence despite the application's thread termination mechanism.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ultra Mini HTTPD 1.21
No auth needed
Prerequisites: Network access to the target server · Ultra Mini HTTPD 1.21 running on a vulnerable Windows system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/26739
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44472/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/95164
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85599
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61130
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31736
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/31814

Scores

EPSS 0.6439
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (1)
vector/ultra_mini_httpd 1.21
Published Jul 31, 2013
Tracked Since Feb 18, 2026