5

CVE-2011-5279

Exploit
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Information Services Version4.0
   MicrosoftWindows 2000 Version-
   MicrosoftWindows Nt Version-
MicrosoftInternet Information Services Version5.0
   MicrosoftWindows 2000 Version-
   MicrosoftWindows Nt Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.24% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
Third Party Advisory
http://seclists.org/fulldisclosure/2012/Apr/0
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2012/Apr/13
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/108
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/128
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/247
Third Party Advisory
Exploit
Mailing List