Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1344Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Http Server

9 documents8 sources
Severity
7.5HIGHNVD
EPSS
12.9%
top 5.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Http Server
Timeline
PublishedMay 2
Latest updateMay 1

Description

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDapache/http_server2.0.52

🔴Vulnerability Details

3
GHSA
GHSA-p8pw-2w2f-8jr7: Buffer overflow in htdigest in Apache 22022-05-01
OSV
CVE-2005-1344: Buffer overflow in htdigest in Apache 22005-05-02
CVEList
CVE-2005-1344: Buffer overflow in htdigest in Apache 22005-04-27

💥Exploits & PoCs

2
Exploit-DB
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (2)2005-05-11
Exploit-DB
Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow (1)2005-05-06

📋Vendor Advisories

3
Ubuntu
Apache 2 vulnerability2005-05-06
Debian
CVE-2005-1344: apache2 - Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbi...2005
Red Hat
CVE-2005-1344: Buffer overflow in htdigest in Apache 2
CVE-2005-1344 — Apache Http Server vulnerability | cvebase