Apache HTTP Server 2.4.49-2.4.50 - Path Traversal and Remote Code Execution via Alias-like Directives
Title source: llmExploitation Summary
CVE-2021-42013 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
EIP tracks 45 public exploits from researchers including Valentin Lobstein, Lucas Souza, ThelastVvV, including a Metasploit module auxiliary/scanner/http/apache_normalize_path.
A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit leverages path traversal and command injection in Apache HTTP Server 2.4.49/2.4.50 (with CGI enabled) to achieve remote code execution. It sends crafted POST requests to execute arbitrary commands via a vulnerable CGI endpoint.
Description
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
Exploits (45)
This exploit leverages path traversal and command injection in Apache HTTP Server 2.4.49/2.4.50 (with CGI enabled) to achieve remote code execution. It sends crafted POST requests to execute arbitrary commands via a vulnerable CGI endpoint.
This exploit leverages a path traversal vulnerability in Apache HTTP Server 2.4.50 to achieve remote code execution (RCE) by sending a crafted request to the CGI binary path. The script reads a list of targets and executes a specified command on each host.
This exploit leverages a path traversal vulnerability in Apache HTTP Server 2.4.50 with CGI enabled to achieve remote code execution. It uses a series of encoded directory traversal sequences to bypass restrictions and execute a reverse shell via a temporary script.
This repository contains a Python script that exploits CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The script checks for both path traversal and RCE vulnerabilities by sending crafted HTTP requests to the target server.
This repository contains a README file describing CVE-2021-42013, a path traversal vulnerability in Apache 2.4.50. No exploit code or technical details are provided.
This repository contains a working proof-of-concept exploit for CVE-2021-42013, an Apache HTTP Server path traversal and remote code execution vulnerability affecting versions 2.4.49 and 2.4.50. The PoC includes both file read and RCE capabilities via crafted HTTP requests.
This repository contains a Python-based exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49. The exploit leverages path traversal and command injection vulnerabilities to read sensitive files (e.g., /etc/passwd) and execute arbitrary commands via a POST request to a CGI endpoint.
This PoC exploits CVE-2021-42013, a path traversal and command injection vulnerability in Apache 2.4.50 with CGI enabled. It uses a crafted curl request to write a reverse shell script to the target system and execute it.
This is a functional exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49 and 2.4.50 via a path traversal vulnerability to achieve remote code execution. It includes both a vulnerability scanner and a reverse shell payload.
This repository contains a Python script that checks for and exploits CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.50. The script allows users to execute arbitrary commands on vulnerable servers via a crafted HTTP request.
This repository contains a functional proof-of-concept for CVE-2021-42013, demonstrating path traversal and remote code execution in Apache HTTP Server 2.4.49/2.4.50. It includes Python scripts and Docker configurations to exploit the vulnerability.
This PoC exploits CVE-2021-42013, a path traversal vulnerability in Apache HTTP Server 2.4.50, allowing unauthorized access to files outside the web root. The script uses a crafted curl request with encoded path traversal sequences to retrieve arbitrary files.
This repository contains a Python-based scanner for detecting CVE-2021-41773 and CVE-2021-42013 vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50. It checks for path traversal and potential RCE via mod_cgi by sending crafted HTTP requests.
This repository contains a Python script and a bash script to exploit CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The scripts test for both path traversal and RCE by sending crafted requests to vulnerable endpoints.
The repository contains only a README.md with minimal information about CVE-2021-42013, an Apache HTTP Server path traversal vulnerability. No exploit code or technical details are provided.
This repository provides a Dockerized environment to reproduce CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.50. It includes a Dockerfile to build a vulnerable Apache instance and a Suricata configuration for detection.
This repository provides a Dockerized environment for testing CVE-2021-42013, a path traversal and potential RCE vulnerability in Apache HTTP Server 2.4.50. It includes a curl command to demonstrate the path traversal exploit.
This repository contains a working exploit for CVE-2021-42013, a path traversal and command injection vulnerability in Apache HTTP Server 2.4.50. The exploit uses a malformed CGI path to execute arbitrary commands on the target system.
This exploit leverages a path traversal vulnerability in Apache HTTP Server 2.4.50 (CVE-2021-42013) by using a crafted payload to bypass access controls and retrieve files outside the web root. The script uses curl to send the malicious request to the target server.
This repository provides a Docker-based lab environment to simulate and exploit CVE-2021-42013, a path traversal and RCE vulnerability in Apache HTTP Server 2.4.49. It includes functional exploit commands to demonstrate both path traversal and remote code execution.
This repository contains a functional Python exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49/2.4.50 with CGI enabled. The exploit leverages path traversal and command injection to achieve remote code execution (RCE).
This repository contains a functional Python exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49/2.4.50 with CGI enabled. The exploit leverages path traversal and command injection to achieve remote code execution (RCE).
This repository contains a functional Python exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49/2.4.50 with path traversal and command injection via malformed CGI paths. The exploit includes interactive shell capabilities and payloads for both affected versions.
This repository contains a functional Python exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.49/2.4.50 with CGI enabled. The exploit leverages path traversal and command injection to achieve remote code execution (RCE).
This repository contains a Python script that exploits CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50. The script checks for both path traversal and RCE vulnerabilities by sending crafted HTTP requests to the target server.
This repository contains a functional exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.50 with CGI enabled. It leverages path traversal to achieve remote code execution via curl-based payload delivery, including reverse shell capabilities.
This is a Python-based exploit for CVE-2021-42013, targeting a path traversal vulnerability in Apache HTTP Server. The script includes functionality for detecting remote OS, testing vulnerability, and executing commands via a crafted path.
This script exploits CVE-2021-42013, a path traversal vulnerability in Apache HTTP Server 2.4.49 and 2.4.50, by sending a crafted URL with a malicious payload to achieve remote code execution (RCE) via a reverse shell.
This PoC exploits CVE-2021-42013, a path traversal and command injection vulnerability in Apache HTTP Server 2.4.50, allowing remote code execution via a maliciously crafted request to the CGI binary.
This repository contains a functional exploit for CVE-2021-42013, targeting Apache 2.4.49/2.4.50 with path traversal and RCE via CGI script execution. The PoC includes a bash script that crafts malicious requests to achieve remote command execution.
This repository provides a vulnerable Dockerized Apache 2.4.50 service and a curl command to exploit CVE-2021-42013, a path traversal and command injection vulnerability. The PoC demonstrates remote code execution (RCE) via a maliciously crafted request to the CGI bin directory.
This repository contains a Python script that exploits CVE-2021-42013, a path traversal vulnerability in Apache HTTP Server 2.4.50, allowing LFI and RCE via cgi-bin. The script supports direct command execution and a pseudo-shell for continuous interaction.
This repository contains a Python script that exploits CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.50. The script includes functionality to test for both path traversal and RCE, with support for bulk scanning via a list of targets.
This repository contains a README file describing CVE-2021-42013, an Apache 2.4.50 path traversal vulnerability, but lacks actual exploit code or technical details. It primarily serves as a reference with links to external resources.
This repository contains a Python script that exploits CVE-2021-42013, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.50. The script checks for vulnerable configurations and executes payloads to verify exploitation.
This is a C implementation of the Apache 2.4.50 path traversal and command injection exploit (CVE-2021-42013). It leverages a vulnerability in the normalization of CGI paths to execute arbitrary commands via a crafted URL and POST payload.
This PoC exploits CVE-2021-42013, a command injection vulnerability in Apache HTTP Server 2.4.49 and 2.4.50. It sends a crafted request to trigger a reverse shell to a specified IP and port.
This repository contains a working exploit for CVE-2021-42013, a path traversal and RCE vulnerability in Apache HTTP Server 2.4.50. The exploit uses a bash script to send crafted HTTP requests to vulnerable servers, leveraging path traversal to execute arbitrary commands.
This repository contains a functional exploit for CVE-2021-42013, targeting Apache HTTP Server 2.4.50. The exploit checks for the vulnerable version and attempts to achieve RCE via directory traversal and reverse shell injection if CGI is enabled.
This repository contains functional Python scripts for exploiting CVE-2021-41773 and CVE-2021-42013, which are path traversal and remote command execution vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50, respectively. The scripts demonstrate both path traversal and RCE capabilities by leveraging malformed URI paths to bypass security checks.
This repository contains a functional exploit for CVE-2021-41773 and CVE-2021-42013, targeting path traversal and RCE vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50. The exploit tests for both CGI and non-CGI configurations, demonstrating file disclosure and remote code execution capabilities.
This repository contains functional exploit code for CVE-2021-42013, a path traversal and command injection vulnerability in Apache HTTP Server. The scripts (Ruby and Python) allow file reading and command execution on vulnerable targets.
This repository contains a functional Python-based tool for testing Apache Path Traversal vulnerabilities, specifically CVE-2021-42013 and related CVEs. It includes exploit paths and a script to automate testing against target hosts.
This Metasploit module exploits CVE-2021-41773 and CVE-2021-42013, which are path traversal vulnerabilities in Apache 2.4.49 and 2.4.50. It checks for vulnerability, tests for RCE via mod_cgi, and reads arbitrary files.
This Metasploit module exploits CVE-2021-41773 and CVE-2021-42013, which are path traversal vulnerabilities in Apache 2.4.49 and 2.4.50. It allows unauthenticated remote command execution by leveraging improper normalization of paths in CGI scripts.
Nuclei Templates (1)
cpe:"cpe:2.3:a:apache:http_server" || apache 2.4.49
References (31)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H