{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-0000a0a20273","releaseDate":"2021-05-11T07:00:00Z","cveNumber":"CVE-2021-31166","cveTitle":"HTTP Protocol Stack Remote Code Execution Vulnerability","releaseNumber":"2021-May","vulnType":"Security Vulnerability","latestRevisionDate":"2021-05-11T07:00:00Z","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2021-31166","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-31166","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":1,"latestSoftwareRelease":"Exploitation More Likely","olderSoftwareReleaseId":1,"olderSoftwareRelease":"Exploitation More Likely","denialOfService":"N/A","tag":"Windows HTTP.sys","issuingCna":"Microsoft","issuingCnaId":0,"severityId":100000000,"severity":"Critical","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":0,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.</p>\n<p><strong>Is this wormable?</strong></p>\n<p>Yes. Microsoft recommends prioritizing the patching of affected servers.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-31166","version":1,"revisionDate":"2021-05-11T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"cc5aa869-329d-eb11-a83d-000d3a6d3364"}]}