QwikSec

Security Database

CVE

CWE

Training

CVE-2011-5279

Published: Apr 23, 2014

Modified: Aug 7, 2024

PUBLISHED

Description

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20140419 Re: iis cgi 0day

mailing-list

x_refsource_FULLDISC

20140410 Re: iis cgi 0day

mailing-list

x_refsource_FULLDISC

20120401 FW: iis bug

mailing-list

x_refsource_FULLDISC

20140409 iis cgi 0day

mailing-list

x_refsource_FULLDISC

http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e

x_refsource_MISC

20120402 Re: iis bug

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.