CVE-2004-2033
Description
Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9c:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9c:*:*:*:*:*:*:*
- cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9e:*:*:*:*:*:*:*
- cpe:2.3:a:orenosv:orenosv_http_ftp_server:0.5.9f:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"A long HTTP GET request causes the server to crash."
Attack vector
An attacker can send a specially crafted HTTP GET request containing 420 'A' characters to the Orenosv server. This request targets the HTTP service, causing it to stop responding. The vulnerability was tested on Windows XP SP1 [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. It only states that a specifically crafted HTTP GET request with 420 'A's will cause the HTTP and FTP service to stop responding [ref_id=1]. Remediation guidance is not provided.
Preconditions
- inputThe server must be running Orenosv version 0.5.9f.
- networkThe attacker must have network access to the Orenosv server.
Reproduction
The advisory mentions that attached PoC code causes the orenosv service to crash [ref_id=1]. However, the provided text does not contain the full PoC code or detailed reproduction steps.
Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- hp.vector.co.jp/authors/VA027031/orenosv/index_en.htmlnvdExploitVendor Advisory
- secunia.com/advisories/11706nvdExploitPatchVendor Advisory
- www.osvdb.org/6419nvdExploitPatchVendor Advisory
- www.securityfocus.com/bid/10420nvdExploitPatchVendor Advisory
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16250nvd
News mentions
0No linked articles in our index yet.