Description

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

Remediation

References

CVE-2011-5279

Related Vulnerabilities

WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Cross-Site Scripting (1.4.9.8.9)

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45020)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-2163)

PHP-Fusion Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1806)

phpBB CVE-2008-6507 Vulnerability (CVE-2008-6507)

Severity

Medium

Classification

CVE-2011-5279

Tags

Missing Update Known Vulnerabilities