CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
References
Link | Resource |
---|---|
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e | Third Party Advisory |
http://seclists.org/fulldisclosure/2012/Apr/0 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2012/Apr/13 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2014/Apr/108 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2014/Apr/128 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2014/Apr/247 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-23T20:00:00
Updated: 2014-04-24T04:57:00
Reserved: 2014-04-23T00:00:00
Link: CVE-2011-5279
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-04-23T20:55:06.623
Modified: 2020-11-23T19:47:14.017
Link: CVE-2011-5279
JSON object: View
Redhat Information
No data.
CWE