CVE-2004-2299

Omnicron OmniHTTPd 3.0a - Remote Code Execution via Long Range Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2299. PoCs published by CoolICE.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in OmniHTTPd <=V3.0a via a maliciously crafted GET request with an oversized 'Range' header. It includes shellcode to execute arbitrary commands, leveraging a JMP ESP technique for control flow redirection.

Description

Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.

Exploits (1)

exploitdb WORKING POC VERIFIED
by CoolICE · remotewindows
https://www.exploit-db.com/exploits/24129

This exploit targets a buffer overflow vulnerability in OmniHTTPd <=V3.0a via a maliciously crafted GET request with an oversized 'Range' header. It includes shellcode to execute arbitrary commands, leveraging a JMP ESP technique for control flow redirection.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: OmniHTTPd <=V3.0a
No auth needed
Prerequisites: network access to target · OmniHTTPd running on Windows · nc.exe for payload delivery
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10376
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16190
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/363651
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/12944

Scores

EPSS 0.1023
EPSS Percentile 95.1%

Details

Status published
Published Dec 31, 2004
Tracked Since Feb 18, 2026