CVE-2011-5279

EUVD-2011-5178
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
microsoftinternet_information_services
4.0
microsoftinternet_information_services
5.0
𝑥
= Vulnerable software versions
References
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
http://seclists.org/fulldisclosure/2012/Apr/0
http://seclists.org/fulldisclosure/2012/Apr/13
http://seclists.org/fulldisclosure/2014/Apr/108
http://seclists.org/fulldisclosure/2014/Apr/128
http://seclists.org/fulldisclosure/2014/Apr/247
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
http://seclists.org/fulldisclosure/2012/Apr/0
http://seclists.org/fulldisclosure/2012/Apr/13
http://seclists.org/fulldisclosure/2014/Apr/108
http://seclists.org/fulldisclosure/2014/Apr/128
http://seclists.org/fulldisclosure/2014/Apr/247