CVE-2005-1087
CVE-2005-1087 is a medium-severity vulnerability in An An-httpd with a CVSS 2.0 base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: An An-httpd
- Published:
- Last modified:
Description
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
Frequently asked questions
- What is CVE-2005-1087?
- CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
- How severe is CVE-2005-1087?
- CVE-2005-1087 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2005-1087 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-1087?
- CVE-2005-1087 affects An An-httpd. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2005-1087?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-1087 published?
- CVE-2005-1087 was published on 2005-04-07 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/14861
- http://securitytracker.com/id?1013666
- http://www.osvdb.org/15362
- http://www.security.org.sg/vuln/anhttpd142n.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20031
Affected products (1)
- cpe:2.3:a:an:an-httpd:1.42n:*:*:*:*:*:*:*
More vulnerabilities in An An-httpd
- CVE-2006-1598 — High (CVSS 7.8): AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via…
- CVE-2002-1930 — High (CVSS 7.5): Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request…
- CVE-1999-0947 — High (CVSS 7.5): AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to…
- CVE-2005-1086 — Medium (CVSS 6.4): Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via…