Yuange

#48887 of 53,624
5 Total CVSS
Vulnerabilities · 1
PT-2014-2195
5.0
2014-04-23
Microsoft · Internet Information Services · CVE-2011-5279
**Name of the Vulnerable Software and Affected Versions**

Microsoft Internet Information Services (IIS) versions 4.x through 5.x

**Description**

The issue allows remote attackers to modify arbitrary uppercase environment variables via a newline character in an HTTP header. This is due to a CRLF injection vulnerability in the CGI implementation.

**Recommendations**

For Microsoft Internet Information Services (IIS) versions 4.x through 5.x, consider restricting access to CGI implementations until a patch is available. As a temporary workaround, avoid using newline characters in HTTP headers to minimize the risk of exploitation.