CVE-2004-2129

SurfNOW Professional - Denial of Service via Long HTTP GET Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2129. PoCs published by Donato Ferrante.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in SurfNOW by sending a malformed HTTP GET request with an excessively long path. The vulnerability is triggered by the large input, causing the application to crash.

Description

SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Donato Ferrante · textdoswindows
https://www.exploit-db.com/exploits/23614

This exploit demonstrates a denial-of-service (DoS) vulnerability in SurfNOW by sending a malformed HTTP GET request with an excessively long path. The vulnerability is triggered by the large input, causing the application to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SurfNOW (version not specified)
No auth needed
Prerequisites: Network access to the vulnerable SurfNOW service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9519
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107530924723559&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14976

Scores

EPSS 0.0341
EPSS Percentile 87.3%

Details

Status published
Products (14)
loom_software/surfnow_professional 1.2
loom_software/surfnow_professional 1.4
loom_software/surfnow_professional 1.5
loom_software/surfnow_professional 1.6
loom_software/surfnow_professional 2.0
loom_software/surfnow_professional 2.1
loom_software/surfnow_professional 2.2
loom_software/surfnow_standard 1.2
loom_software/surfnow_standard 1.4
loom_software/surfnow_standard 1.5
... and 4 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026