First published: Wed Apr 23 2014(Updated: )
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Information Services (IIS) | =4.0 | |
Microsoft Internet Information Services (IIS) | =5.0 | |
Microsoft Windows 2000 | ||
Microsoft Windows NT |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-5279 has a medium severity rating due to its potential to allow remote attackers to modify environment variables.
To fix CVE-2011-5279, it is recommended to upgrade to a newer version of Microsoft Internet Information Services that does not have this vulnerability.
CVE-2011-5279 affects Microsoft Internet Information Services versions 4.x and 5.x.
CVE-2011-5279 is associated with CRLF injection attacks where newline characters in HTTP headers can manipulate environment variables.
CVE-2011-5279 specifically affects IIS running on Windows 2000 and Windows NT.