CVE-2011-5279

3 documents3 sources

Severity

5.0MEDIUM

EPSS

8.5%

top 7.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Services

Timeline

PublishedApr 23

Latest updateMay 13

Description

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services4.0, 5.0+1

🔴Vulnerability Details

GHSA

GHSA-qgmx-m7r8-pq37: CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4↗2022-05-13

▶

CVEList

CVE-2011-5279: CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4↗2014-04-23

▶