Vulnerability Details : CVE-2011-5279
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.
Exploit prediction scoring system (EPSS) score for CVE-2011-5279
Probability of exploitation activity in the next 30 days: 1.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 %
CVSS scores for CVE-2011-5279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2011-5279
- http://seclists.org/fulldisclosure/2012/Apr/13
  Full Disclosure: Re: iis bug (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/108
  Full Disclosure: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/247
  Full Disclosure: Re: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2014/Apr/128
  Full Disclosure: Re: iis cgi 0day (Exploit; Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2012/Apr/0
  Full Disclosure: FW: iis bug (Exploit; Mailing List; Third Party Advisory)
Products affected by CVE-2011-5279
- cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_information_services:4.0:*:*:*:*:*:*:*