CVE-2011-5279

CVE Database · CVE-2011-5279

CVE-2011-5279

· N/AModified

CVSS v3.1

N/A

EPSS

19.09%

Published

Apr 23, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

Affected Products (4)

microsoft · internet_information_servicesvulnerable

microsoft · windows_2000

microsoft · windows_nt

References (12)

http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e

Third Party Advisory

http://seclists.org/fulldisclosure/2012/Apr/0

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2012/Apr/13

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2014/Apr/108

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2014/Apr/128

Exploit

KEV Catalog EPSS Scores Vendors All CVEs