CVE-1999-0970

OmniHTTPD - Denial of Service via Malformed URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0970. PoCs published by Valentin Perelogin.

AI-analyzed exploit summary This exploit triggers a denial of service in OmniHTTPD by causing visiadmin.exe to fill the hard drive with temporary files when invoked with the 'user=guest' argument. The attack is trivial to execute and requires no authentication.

Description

The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Valentin Perelogin · textdoswindows
https://www.exploit-db.com/exploits/20304

This exploit triggers a denial of service in OmniHTTPD by causing visiadmin.exe to fill the hard drive with temporary files when invoked with the 'user=guest' argument. The attack is trivial to execute and requires no authentication.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: OmniHTTPD (version not specified)
No auth needed
Prerequisites: OmniHTTPD with visiadmin.exe installed and accessible via CGI
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1808
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/14311
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/2271

Scores

EPSS 0.0316
EPSS Percentile 86.4%

Details

Status published
Products (1)
omnicron/omnihttpd
Published Jun 05, 1999
Tracked Since Feb 18, 2026