CVE-2011-5279

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 23 April 2014

Summary

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

References

http://seclists.org/fulldisclosure/2014/Apr/247

mailing-listx_refsource_FULLDISC

http://seclists.org/fulldisclosure/2014/Apr/128

mailing-listx_refsource_FULLDISC

http://seclists.org/fulldisclosure/2012/Apr/0

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Apr 23, 2014
Vulnerability Reserved
Apr 23, 2014

Collectors

NVD DatabaseMitre Database