PT-2014-2195 · Microsoft · Internet Information Services

Yuange · Published 2014-04-23 · Updated 2020-11-23 · CVE-2011-5279

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Microsoft Internet Information Services (IIS) versions 4.x through 5.x

Description
The issue allows remote attackers to modify arbitrary uppercase environment variables via a newline character in an HTTP header. This is due to a CRLF injection vulnerability in the CGI implementation.

Recommendations
For Microsoft Internet Information Services (IIS) versions 4.x through 5.x, consider restricting access to CGI implementations until a patch is available. As a temporary workaround, avoid using newline characters in HTTP headers to minimize the risk of exploitation.

Exploit

Fix

Related identifiers

CVE-2011-5279

Affected products

Internet Information Services