CRLF Injection Vulnerability in Microsoft Internet Information Services
CVE-2011-5279

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Services
Vendor
CVE Published:
23 April 2014

What is CVE-2011-5279?

A CRLF injection vulnerability exists in the CGI implementation of Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000. This flaw allows remote attackers to exploit HTTP headers by injecting newline characters, enabling them to modify arbitrary uppercase environment variables. Such manipulation can lead to further exploitation and unauthorized access, highlighting the importance of securing web applications against injection-based attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Apr/247
mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2014/Apr/128
mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2012/Apr/0
mailing-listx_refsource_FULLDISC

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.