Vulnerability Details : CVE-2011-5279
Potential exploit
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
Products affected by CVE-2011-5279
- cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-5279
- EPSS score: 0.67% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-5279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2011-5279
- http://seclists.org/fulldisclosure/2012/Apr/13
  Full Disclosure: Re: iis bug (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/108
  Full Disclosure: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/247
  Full Disclosure: Re: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/128
  Full Disclosure: Re: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2012/Apr/0
  Full Disclosure: FW: iis bug (Exploit; Mailing List; Third Party Advisory)