CVE-2021-43557

HIGH

Apache APISIX < 2.10.2 - URI Blocklist Bypass via Unnormalized Request URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43557. PoCs published by xvnpw.

AI-analyzed exploit summary

This PoC demonstrates a path traversal vulnerability in Apache APISIX (CVE-2021-43557) by bypassing URI-blocker restrictions using encoded and unencoded path traversal sequences. It includes a Kubernetes setup with public and protected services to showcase the exploit.

Description

The uri-blocker plugin in Apache APISIX before 2.10.2 matches its block rules against $request_uri without verification. $request_uri is the full original request URI as sent by the client, with no normalization (no percent-decoding, no collapsing of repeated slashes, no resolution of dot segments). This makes it possible to construct a URI that bypasses the block list in some cases. For instance, when the block list contains "^/internal/", a URI like `//internal/` is not matched and reaches the upstream. Some other plugins have the same issue, and it may also affect developers' custom plugins that match on $request_uri.
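The following is an added example, not code from the page or from the APISIX project, showing why matching on the raw request URI fails and how matching on a normalized path closes the gap. The block rule `^/internal/` is the page's own example; the normalization steps (strip query string, percent-decode once, collapse repeated slashes, resolve dot segments, preserve the trailing slash) and the sample URIs are assumptions constructed for the demonstration.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed block list in the same style as the page's example rule "^/internal/".
BLOCK_RULES = [re.compile(r"^/internal/")]


def is_blocked_raw(request_uri: str) -> bool:
    """Weak check: run the block rules over the raw request URI, as the
    vulnerable plugin did with $request_uri (no normalization at all)."""
    return any(rule.search(request_uri) for rule in BLOCK_RULES)


def normalize_path(request_uri: str) -> str:
    """Reduce a request URI to a canonical path before matching.

    Steps: drop the query string, percent-decode once, collapse repeated
    slashes, resolve '.' and '..' segments, and keep a trailing slash so
    prefix rules such as ^/internal/ still see it.
    """
    path = request_uri.split("?", 1)[0]
    path = unquote(path)                       # "/%69nternal/" -> "/internal/"
    had_trailing_slash = path.endswith("/")
    path = re.sub(r"/+", "/", path)            # "//internal/" -> "/internal/"
    path = posixpath.normpath(path)            # "/pub/../internal" -> "/internal"
    if not path.startswith("/"):
        path = "/" + path
    if had_trailing_slash and not path.endswith("/"):
        path += "/"                            # normpath drops it; rules need it
    return path


def is_blocked_normalized(request_uri: str) -> bool:
    """Hardened check: match the block rules against the normalized path."""
    return any(rule.search(normalize_path(request_uri)) for rule in BLOCK_RULES)


def compare(request_uri: str) -> tuple:
    """Return (raw_blocked, normalized_blocked) for one request URI."""
    return is_blocked_raw(request_uri), is_blocked_normalized(request_uri)


if __name__ == "__main__":
    # Constructed sample URIs; the second is the page's own bypass form.
    for uri in ["/internal/admin", "//internal/admin",
                "/public/../internal/admin", "/%69nternal/admin",
                "/public/index.html"]:
        raw, norm = compare(uri)
        print(f"{uri!r:32} raw_blocked={raw!s:6} normalized_blocked={norm}")
```

The raw check passes every variant except the literal `/internal/...` prefix, while the normalized check blocks all of them and still lets an unrelated path through. Decoding only once is deliberate: decoding repeatedly would let the gateway and the upstream disagree on what the path means, which is the same class of mismatch this bug is about.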

Exploits (1)

nomisec · Working PoC · 22 stars
by xvnpw · poc
https://github.com/xvnpw/k8s-CVE-2021-43557-poc


Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Apache APISIX version 0.7.2
No auth needed
Prerequisites: Kubernetes cluster with Helm · Apache APISIX installed via Helm chart · Deployed public and protected services
Analyzed by devstral-2 on Feb 16, 2026

References (4)

Core References
Exploit, Mailing List, Vendor Advisory: https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2021/11/22/1
Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2021/11/22/2
Exploit, Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2021/11/23/1

Scores

CVSS v3 7.5
EPSS 0.5826
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-77
Status published
Products (1)
apache/apisix < 2.10.2
Published Nov 22, 2021
Tracked Since Feb 18, 2026