Vulnerability identifier: #VU53113

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-31166

CWE-ID: CWE-416

Exploitation vector: Network

Exploits in database: 10

• November 22, 2022
  • Home-Demolisher (PoC for CVE-2021-31166 and CVE-2022-21907) [Github]
• May 12, 2022
  • Windows IIS HTTP Protocol Stack DOS [Metasploit]
• March 7, 2022
  • CVE-2021-31166 (CVE-2021-31166: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.) [Github]
• October 26, 2021
  • CVE-2021-31166 (PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.) [Github]
• September 27, 2021
  • CVE-2021-31166 (Windows HTTP协议栈远程代码执行漏洞 CVE-2021-31166) [Github]
• July 4, 2021
  • CVE-2021-31166-Exploit (Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)) [Github]
• May 24, 2021
  • WIn-CVE-2021-31166 () [Github]
• May 20, 2021
  • CVE-2021-31166 (simple bash script for exploit CVE-2021-31166) [Github]
• May 17, 2021
  • CVE-2021-31166 (Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.) [Github]
  • CVE-2021-31166 (PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.) [Github]

Impact: Code execution

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft