mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
CVE-2021-41773
Description
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete; see CVE-2021-42013.
POC
Reference
- http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html
- http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0e0w/GoHackTools
- https://github.com/0x3n0/redeam
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xAlmighty/CVE-2021-41773-PoC
- https://github.com/0xGabe/Apache-CVEs
- https://github.com/0xRar/CVE-2021-41773
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xabdoulaye/CTFs-Journey
- https://github.com/0xsyr0/OSCP
- https://github.com/12345qwert123456/CVE-2021-41773
- https://github.com/189569400/Meppo
- https://github.com/1nhann/CVE-2021-41773
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/34zY/APT-Backpack
- https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AdrMAr5/baiim
- https://github.com/Aijoo100/Aijoo100
- https://github.com/AkshayraviC09YC47/CVE-Exploits
- https://github.com/AnonymouID/POC
- https://github.com/ArrestX/--POC
- https://github.com/AssassinUKG/CVE-2021-41773
- https://github.com/Awrrays/FrameVul
- https://github.com/BEPb/tryhackme
- https://github.com/BabyTeam1024/CVE-2021-41773
- https://github.com/Balgogan/CVE-2021-41773
- https://github.com/BlueTeamSteve/CVE-2021-41773
- https://github.com/CHYbeta/Vuln100Topics
- https://github.com/CHYbeta/Vuln100Topics20
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit
- https://github.com/Chocapikk/CVE-2021-41773
- https://github.com/ComdeyOverflow/CVE-2021-41773
- https://github.com/DanielShmu/OSCP-Cheat-Sheet
- https://github.com/DoTuan1/Reserch-CVE-2021-41773
- https://github.com/EagleTube/CVE-2021-41773
- https://github.com/EkamSinghWalia/Mitigation-Apache-CVE-2021-41773-
- https://github.com/FDlucifer/firece-fish
- https://github.com/Fa1c0n35/CVE-2021-41773
- https://github.com/Fireeeeeeee/Web-API-Security-Detection-System
- https://github.com/Gekonisko/CTF
- https://github.com/GhostTroops/TOP
- https://github.com/GibzB/THM-Captured-Rooms
- https://github.com/H0j3n/EzpzCheatSheet
- https://github.com/H0j3n/EzpzShell
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/Habib0x0/CVE-2021-41773
- https://github.com/Hattan-515/POC-CVE-2021-41773
- https://github.com/Hattan515/POC-CVE-2021-41773
- https://github.com/HernanRodriguez1/Dorks-Shodan-2023
- https://github.com/HightechSec/scarce-apache2
- https://github.com/HimmelAward/Goby_POC
- https://github.com/HxDDD/CVE-PoC
- https://github.com/Hydragyrum/CVE-2021-41773-Playground
- https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit
- https://github.com/Ilovewomen/db_script_v2
- https://github.com/Ilovewomen/db_script_v2_2
- https://github.com/Iris288/CVE-2021-41773
- https://github.com/JERRY123S/all-poc
- https://github.com/JMontRod/Pruebecita
- https://github.com/Jeromeyoung/CVE-2021-41784
- https://github.com/K3ysTr0K3R/CVE-2021-41773-EXPLOIT
- https://github.com/K3ysTr0K3R/CVE-2021-42013-EXPLOIT
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/LayarKacaSiber/CVE-2021-41773
- https://github.com/LeonardoE95/OSCP
- https://github.com/LetouRaphael/Poc-CVE-2021-41773
- https://github.com/LoSunny/vulnerability-testing
- https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013
- https://github.com/LudovicPatho/CVE-2021-41773
- https://github.com/Ly0nt4r/OSCP
- https://github.com/MatanelGordon/docker-cve-2021-41773
- https://github.com/MazX0p/CVE-2021-41773
- https://github.com/McSl0vv/CVE-2021-41773
- https://github.com/Ming119/110-1_Network-and-System-Security_Midterm
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-Tree-S/POC_EXP
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/MrCl0wnLab/SimplesApachePathTraversal
- https://github.com/N0el4kLs/Vulhub_Exp
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NoTsPepino/Shodan-Dorking
- https://github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PentesterGuruji/CVE-2021-41773
- https://github.com/Plunder283/CVE-2021-41773
- https://github.com/Ruviixx/proyecto-ps
- https://github.com/RyouYoo/CVE-2021-41773
- https://github.com/SYRTI/POC_to_review
- https://github.com/Sakura-nee/CVE-2021-41773
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/Shadow-warrior0/Apache_path_traversal
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/SirElmard/ethical_hacking
- https://github.com/TAI-REx/cve-2021-41773-nse
- https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773
- https://github.com/TheLastVvV/CVE-2021-41773
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/TishcaTpx/POC-CVE-2021-41773
- https://github.com/Trivialcorgi/Proyecto-Prueba-PPS
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Undefind404/cve_2021_41773
- https://github.com/Vulnmachines/cve-2021-41773
- https://github.com/WhooAmii/POC_to_review
- https://github.com/WingsSec/Meppo
- https://github.com/Yang8miao/prov_navigator
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zeop-CyberSec/apache_normalize_path
- https://github.com/ZephrFish/CVE-2021-41773-PoC
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/Zeyad-Azima/Remedy4me
- https://github.com/Zh0ngS0n1337/CVE-2021-41773
- https://github.com/ahmad4fifz/CVE-2021-41773
- https://github.com/ahmad4fifz/CVE-2021-42013
- https://github.com/anldori/CVE-2021-41773-Scanner
- https://github.com/anquanscan/sec-tools
- https://github.com/apapedulimu/Apachuk
- https://github.com/aqiao-jashell/CVE-2021-41773
- https://github.com/aqiao-jashell/py-CVE-2021-41773
- https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-Poc-Exp
- https://github.com/azazelm3dj3d/apache-traversal
- https://github.com/b1tsec/CVE-2021-41773
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/battleoverflow/apache-traversal
- https://github.com/belajarqywok/CVE-2021-41773-MSF
- https://github.com/belajarqywok/cve-2021-41773-msf
- https://github.com/bernardas/netsec-polygon
- https://github.com/binganao/vulns-2022
- https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution
- https://github.com/blasty/CVE-2021-41773
- https://github.com/bryanqb07/oscp_notes
- https://github.com/byteofandri/CVE-2021-41773
- https://github.com/byteofjoshua/CVE-2021-41773
- https://github.com/capdegarde/apache_path_traversal
- https://github.com/cgddgc/CVE-2021-41773-42013
- https://github.com/chosenonehacks/Red-Team-tools-and-usefull-links
- https://github.com/cisagov/Malcolm
- https://github.com/cloudbyteelias/CVE-2021-41773
- https://github.com/corelight/CVE-2021-41773
- https://github.com/creadpag/CVE-2021-41773-POC
- https://github.com/cyberanand1337x/apache-latest-exploit
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/dai5z/LBAS
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773
- https://github.com/e-hakson/OSCP
- https://github.com/elihsane/CyberSecurityTaak-El-Jari
- https://github.com/eljosep/OSCP-Guide
- https://github.com/enciphers-team/cve-exploits
- https://github.com/enomothem/PenTestNote
- https://github.com/exfilt/CheatSheet
- https://github.com/fardeen-ahmed/Bug-bounty-Writeups
- https://github.com/fnatalucci/CVE-2021-41773-RCE
- https://github.com/gwill-b/apache_path_traversal
- https://github.com/gwyomarch/CVE-Collection
- https://github.com/habibiefaried/CVE-2021-41773-PoC
- https://github.com/hackingyseguridad/nmap
- https://github.com/heane404/CVE_scan
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/honypot/CVE-2021-41773
- https://github.com/honypot/CVE-2021-42013
- https://github.com/htrgouvea/research
- https://github.com/htrgouvea/spellbook
- https://github.com/huimzjty/vulwiki
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/i6c/MASS_CVE-2021-41773
- https://github.com/iilegacyyii/PoC-CVE-2021-41773
- https://github.com/ilurer/CVE-2021-41773-42013
- https://github.com/im-hanzou/apachrot
- https://github.com/imhunterand/ApachSAL
- https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013
- https://github.com/iosifache/ApacheRCEEssay
- https://github.com/iosifache/iosifache
- https://github.com/itsecurityco/CVE-2021-41773
- https://github.com/j4k0m/CVE-2021-41773
- https://github.com/jbmihoub/all-poc
- https://github.com/jbovet/CVE-2021-41773
- https://github.com/jheeree/Simple-CVE-2021-41773-checker
- https://github.com/justakazh/mass_cve-2021-41773
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/khulnasoft-lab/awesome-security
- https://github.com/khulnasoft-labs/awesome-security
- https://github.com/knqyf263/CVE-2021-41773
- https://github.com/komodoooo/Some-things
- https://github.com/komodoooo/some-things
- https://github.com/ksanchezcld/httpd-2.4.49
- https://github.com/kubota/POC-CVE-2021-41773
- https://github.com/leoambrus/CheckersNomisec
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lopqto/CVE-2021-41773_Honeypot
- https://github.com/lorddemon/CVE-2021-41773-PoC
- https://github.com/ltfafei/my_POC
- https://github.com/luck-ying/Library-POC
- https://github.com/m96dg/CVE-2021-41773-exercise
- https://github.com/m96dg/vulnerable_docker_apache_2_4_49
- https://github.com/maennis/cybersecurity-reports
- https://github.com/mahtin/unix-v7-uucp-chkpth-bug
- https://github.com/masahiro331/CVE-2021-41773
- https://github.com/mauricelambert/CVE-2021-41773
- https://github.com/mauricelambert/CVE-2021-42013
- https://github.com/mauricelambert/mauricelambert.github.io
- https://github.com/merlinepedra/RedTeam_toolkit
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra25/RedTeam_toolkit
- https://github.com/mightysai1997/CVE-2021-41773-L-
- https://github.com/mightysai1997/CVE-2021-41773-PoC
- https://github.com/mightysai1997/CVE-2021-41773-i-
- https://github.com/mightysai1997/CVE-2021-41773.git1
- https://github.com/mightysai1997/CVE-2021-41773S
- https://github.com/mightysai1997/CVE-2021-41773h
- https://github.com/mightysai1997/CVE-2021-41773m
- https://github.com/mightysai1997/cve-2021-41773
- https://github.com/mightysai1997/cve-2021-41773-v-
- https://github.com/mmguero-dev/Malcolm-PCAP
- https://github.com/mohwahyudi/cve-2021-41773
- https://github.com/mr-exo/CVE-2021-41773
- https://github.com/n3k00n3/CVE-2021-41773
- https://github.com/nenandjabhata/CTFs-Journey
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/noflowpls/CVE-2021-41773
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/norrig/CVE-2021-41773-exploiter
- https://github.com/not-matthias/sigflag-ctf
- https://github.com/numanturle/CVE-2021-41773
- https://github.com/orangmuda/CVE-2021-41773
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/petitfleur/prov_navigator
- https://github.com/pirenga/CVE-2021-41773
- https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt
- https://github.com/provnavigator/prov_navigator
- https://github.com/puckiestyle/CVE-2021-41773
- https://github.com/pwn3z/CVE-2021-41773-Apache-RCE
- https://github.com/q99266/saury-vulnhub
- https://github.com/qwutony/CVE-2021-41773
- https://github.com/r00tVen0m/CVE-2021-41773
- https://github.com/randomAnalyst/PoC-Fetcher
- https://github.com/ranggaggngntt/CVE-2021-41773
- https://github.com/ravro-ir/golang_bug_hunting
- https://github.com/retr0-13/apachrot
- https://github.com/retrymp3/apache2.4.49VulnerableLabSetup
- https://github.com/revanmalang/OSCP
- https://github.com/samglish/ServerSide
- https://github.com/scarmandef/CVE-2021-41773
- https://github.com/seeu-inspace/easyg
- https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50
- https://github.com/shellreaper/CVE-2021-41773
- https://github.com/shiomiyan/CVE-2021-41773
- https://github.com/signorrayan/RedTeam_toolkit
- https://github.com/sixpacksecurity/CVE-2021-41773
- https://github.com/skentagon/CVE-2021-41773
- https://github.com/soosmile/POC
- https://github.com/superfish9/pt
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/superzerosec/CVE-2021-41773
- https://github.com/superzerosec/poc-exploit-index
- https://github.com/swaptt/swapt-it
- https://github.com/tanjiti/sec_profile
- https://github.com/the29a/CVE-2021-41773
- https://github.com/theLSA/apache-httpd-path-traversal-checker
- https://github.com/thehackersbrain/CVE-2021-41773
- https://github.com/thesakibrahman/THM-Free-Room
- https://github.com/trhacknon/Pocingit
- https://github.com/twseptian/CVE-2021-41773
- https://github.com/twseptian/CVE-2021-42013-Docker-Lab
- https://github.com/twseptian/cve-2021-41773
- https://github.com/twseptian/cve-2021-42013-docker-lab
- https://github.com/txuswashere/OSCP
- https://github.com/vida00/Scanner-CVE-2021-41773
- https://github.com/vida003/Scanner-CVE-2021-41773
- https://github.com/vinhjaxt/CVE-2021-41773-exploit
- https://github.com/vrbait1107/CTF_WRITEUPS
- https://github.com/vsfx1/apache_path_traversal
- https://github.com/vulf/CVE-2021-41773_42013
- https://github.com/vuongnv3389-sec/cve-2021-41773
- https://github.com/walnutsecurity/cve-2021-41773
- https://github.com/wangfly-me/Apache_Penetration_Tool
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/wolf1892/CVE-2021-41773
- https://github.com/xMohamed0/CVE-2021-41773
- https://github.com/xanszZZ/pocsuite3-poc
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/zecool/cve
- https://github.com/zer0qs/CVE-2021-41773
- https://github.com/zerodaywolf/CVE-2021-41773_42013
- https://github.com/zeronine9/CVE-2021-41773