CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

Published: Apr 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2011-5279
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	4.0	4.0.x
microsoft / internet_information_services	5.0	5.0.x

http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
http://seclists.org/fulldisclosure/2012/Apr/0
http://seclists.org/fulldisclosure/2012/Apr/13
http://seclists.org/fulldisclosure/2014/Apr/108
http://seclists.org/fulldisclosure/2014/Apr/128
http://seclists.org/fulldisclosure/2014/Apr/247

Vulnerability Database

289,697

CVE-2011-5279