#Windows IIS

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would be able to login as another user successfully.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

**According to the CVSS metrics, Confidentiality, Integrity, and Availability are Low (C:L, I:L, A:L). What would attacker have to do to exploit this vulnerability?** While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker can force a bad response to be cached into a regular URL by having multiple occurrences of the same variable in the query string. The impact depends on the business logic of the user application.