CVE-2004-0245

Web Crossing 4.x and 5.x - Denial of Service via HTTP POST Content-Length

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0245. PoCs published by Peter Winter-Smith.

AI-analyzed exploit summary This exploit sends a malformed HTTP POST request with a negative 'Content-Length' header to trigger a denial of service in Web Crossing Web Server versions 4.x and 5.x. The vulnerability arises from improper handling of the header field, causing the server to crash or become unresponsive.

Description

Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Peter Winter-Smith · perldoswindows
https://www.exploit-db.com/exploits/23648

This exploit sends a malformed HTTP POST request with a negative 'Content-Length' header to trigger a denial of service in Web Crossing Web Server versions 4.x and 5.x. The vulnerability arises from improper handling of the header field, causing the server to crash or become unresponsive.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Web Crossing Web Server 4.x, 5.x
No auth needed
Prerequisites: Network access to the target server · Target server running Web Crossing Web Server 4.x or 5.x
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107586518120516&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9576
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15022

Scores

EPSS 0.0316
EPSS Percentile 86.3%

Details

Status published
Products (2)
web_crossing_inc/web_crossing 4.0
web_crossing_inc/web_crossing 5.0
Published Nov 23, 2004
Tracked Since Feb 18, 2026