CVE-2011-5279: CRLF Injection
First published: Wed Apr 23 2014(Updated: )
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services | =4.0 | |
| Microsoft Internet Information Services | =5.0 | |
| Microsoft Windows 2000 | ||
| Microsoft Windows NT |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft internet information services
- version/microsoft internet information services/4.0
- version/microsoft internet information services/5.0
- canonical/microsoft windows 2000
- canonical/microsoft windows nt