Vulnerability Description
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Services | 4.0 |
| Microsoft | Windows 2000 | - |
| Microsoft | Windows Nt | - |
References
- http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2eThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Apr/0ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Apr/13ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/108ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/128ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/247ExploitMailing ListThird Party Advisory
- http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2eThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Apr/0ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2012/Apr/13ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/108ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/128ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/247ExploitMailing ListThird Party Advisory
FAQ
What is CVE-2011-5279?
CVE-2011-5279 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase...
How severe is CVE-2011-5279?
CVE-2011-5279 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-5279?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services, Microsoft Windows 2000, Microsoft Windows Nt.