CVE-2021-41773 · CRITICAL · CVSS 9.8 · CISA KEV: Actively Exploited

Apache HTTP Server Path Traversal Vulnerability

Published Nov 3, 2021 · Updated Nov 3, 2021

Description

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under the default "require all denied" or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient; please review the remediation information under CVE-2021-42013.

Affected Packages (1)

apache-httpd (OTHER)
From 2.4.49
Fixed in 2.4.50

Public Exploits & PoCs (100 found)

PoC: CVE-2021-41773_CVE-2021-42013

CVE-2021-41773 CVE-2021-42013 vulnerability batch detection tool

139

PoC: CVE-2021-41773

Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773

51

PoC: mass_cve-2021-41773

MASS CVE-2021-41773

27

PoC: apachrot

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

21

PoC: CVE-2021-41773

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

12

PoC: apache-httpd-path-traversal-checker

apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)

7

PoC: CVE-2021-41773

Exploit for Apache 2.4.49

7

PoC: CVE-2021-41773

CVE-2021-41773

7

PoC: CVE-2021-41773-Playground

Some docker images to play with CVE-2021-41773 and CVE-2021-42013

5

PoC: Apachuk

CVE-2021-41773 Grabber

5

PoC: cve-2021-41773-and-cve-2021-42013

cve-2021-41773, i.e. cve-2021-42013, batch detection script

4

PoC: CVE-2021-41773

POC

4

PoC: CVE-2021-41773

This is a simple POC for Apache/2.4.49 Path Traversal Vulnerability

4

PoC: Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution

Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)

2

PoC: ApacheRCEEssay

Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️

2

PoC: Apache_Penetration_Tool

CVE-2021-41773 & CVE-2021-42013 graphical vulnerability detection and exploitation tool

2

PoC: CVE-2021-41773

On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this.

2

PoC: CVE-2021-41773

Remote Code Execution exploit for Apache servers. Affected versions: Apache 2.4.49, Apache 2.4.50

2

PoC: CVE-2021-41773

CVE-2021-41773 Docker lab

2

PoC: httpd-2.4.49

critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)

2

PoC: CVE-2021-41773

Apache 2.4.49 Path Traversal Vulnerability Checker

2

PoC: CVE-2021-41773

Mass exploitation CVE-2021-41773 and auto detect possible RCE

2

PoC: cve-2021-41773

CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

2

PoC: CVE-2021-41773-PoC

「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49

1

PoC: Apache_2.4.29_Exploit

This document provides step-by-step instructions on performing a proof of concept (PoC) exploit on Apache HTTP Server 2.4.29, taking advantage of the path traversal vulnerability (CVE-2021-41773) and the globally accessible /tmp folder on Linux and MITIGATION

1

PoC: Apache-HTTP-Server-2.4.50-RCE

Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test.

1

PoC: cve-2021-41773-msf

CVE-2021-41773 testing using MSF

1

PoC: CVE-2021-41773_CVE-2021-42013_Exploits

Exploit CVE-2021-41773 and CVE-2021-42013

1

PoC: py-CVE-2021-41773

Apache path traversal PoC & exploit written in Python

1

PoC: CVE-2021-41773

Apache path traversal vulnerability PoC & exploit

1

PoC: Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit

CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)

1

PoC: CVE-2021-41773

These Metasploit, Nmap, Python and Ruby scripts detect and exploit CVE-2021-41773 with RCE and local file disclosure.

1

PoC: CVE-2021-41773_42013

Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).

1

PoC: CVE-2021-41773_Honeypot

Simple honeypot for CVE-2021-41773 vulnerability

1

PoC: CVE-2021-41773-PoC

Path Traversal and RCE in Apache HTTP Server 2.4.49

1

PoC: CVE-2021-41773

A Python script to check if an Apache web server is vulnerable to CVE-2021-41773

1

PoC: CVE-2021-41773

A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)

1

[POC] GHSA-3mgp-fx93-9xv5 — CVE-2021-41773

Proof of concept for CVE-2021-41773

PoC: CVE-2021-41773-POC

Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction

PoC: CVE-2021-41773-PoC

「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49

PoC: cve-2021-41773-exploration

Recreation and analysis of a curious logic error in Apache 2.4.49 that escalated to remote code execution

PoC: CS4277-CVE-Path-Traversal-Apache-HTTP-Server

We hope to reproduce CVE-2021-41773 to deepen our understanding of real-world cybersecurity vulnerabilities so that we can be knowledgeable about exploits in industry and academic work.

PoC: CVE-2021-41773

CVE-2021-41773 <= Apache RCE Exploit

PoC: APACHE-PATH-TRAVERSAL-RCE-CVE-2021-41773-

A comprehensive analysis of CVE-2021-41773 (Apache HTTP Server 2.4.49), featuring vulnerability research, controlled lab-based exploitation, Proof-of-Concept development, root cause analysis, and mitigation strategies for educational and defensive security purposes.

PoC: CVE-2021-41773-RedTeam

Apache 2.4.49 Path Traversal RCE

PoC: CVE-2021-41773---Apache-Path-Traversal---RCE

Proof-of-concept (PoC) for CVE-2021-41773, demonstrating Apache HTTP Server 2.4.49 path traversal and remote code execution (RCE) in a controlled lab environment.

PoC: cve-reproduction-lab

Cybersecurity lab demonstrating Apache CVE-2021-41773 path traversal vulnerability with vulnerable server simulation, scanner, and security reporting.

PoC: apache-cve-2021-41773-lab

Vulnerable Docker lab and exploit for Apache HTTP Server 2.4.49 path traversal vulnerability (CVE‑2021‑41773)

PoC: exploitApache

Exploit for CVE-2021-41773: Path Traversal cgi-bin

PoC: LFI-SSH-Fuzzer

This program Prompts you for the Local File Inclusion information and will automatically search the /etc/passwd and using the users names found will search for and download any SSH key or variation of keys to the local computer. This program also performs the CVE-2021-41773_ apache2.4.49 and 50 transversal path exploit.

PoC: Serdyuk-DO-homework-CVE-2021-41773

PoC script for CVE-2021-41773 - Path Traversal in Apache 2.4.49

PoC: cve-2021-41773-checker

A simple Python proof-of-concept tool to check for Apache path traversal vulnerability (CVE-2021-41773). Detects vulnerable server versions and verifies exploitation by probing sensitive files. Built for learning CVE analysis, not mass exploitation.

PoC: CVE-2021-41773-Analysis

Technical analysis and reproduction lab for the Apache HTTP Server 2.4.49 Path Traversal and RCE vulnerability.

PoC: CVE-2021-41773

Apache CVE-2021-41773

PoC: CVE-2021-41773

Path Traversal Apache HTTP Server 2.4.49/2.4.50

PoC: CVE-2021-41773

Remote Code Execution PoC for Apache 2.4.49

PoC: security-lab

Documented CVE-2021-41773 (Apache HTTP Server path traversal, CVSS 9.8) — produced CVSS breakdown, impact assessment, and a mitigation plan (patch to 2.4.51+, CGI disable, firewall) and published the analysis on GitHub.

PoC: CTF_WRITEUPS-TryHackMe-CVE-2021-41773-

CTF_WRITEUPS/TryHackMe /CVE-2021-41773/

PoC: CVE-2021-41773

Bash POC script for RCE vulnerability in Apache 2.4.49

PoC: PoC-CVE-2021-41773

Python exploit for CVE-2021-41773 - Apache HTTP Server 2.4.49 Path Traversal vulnerability

PoC: apache-vulnerable

Detects Apache HTTP Server path traversal vulnerabilities (CVE-2021-41773, CVE-2021-42013) by checking for exposure of /etc/passwd through various traversal techniques.

PoC: CVE-2021-41773

Proof of Concept for CVE-2021-41773: Apache path traversal exploit primarily used by Mirai botnets

PoC: CVE-2021-41773-Apache-2.4.49-

Penetration testing

PoC: CVE-2021-41773-POC

The POC and Lab setup documentation of CVE 2021 41773

PoC: CVE-2021-41773

CVE-2021-41773

PoC: Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013

In this project, I documented a detailed penetration testing process targeting Apache HTTP Server vulnerabilities, specifically CVE-2021-41773 and CVE-2021-42013, which involve Path Traversal and Remote Code Execution (RCE).

PoC: SSH-key-and-RCE-PoC-for-CVE-2021-41773

This repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains a LFI and RCE vulnerability.

PoC: CVE-2021-41773

MASS CVE-2021-41773

PoC: Additive-Vulnerability-Analysis-CVE-2021-41773

Apache: a Mainstream Web Service Turned a Vector of Attack for Remote Code Execution

PoC: CVE-2021-41773

POC & Lab For CVE-2021-41773

PoC: CVE-2021-41773

CVE-2021-41773.py

PoC: CVE-2021-41773

CVE-2021-41773, CVE-2021-42013

PoC: Apache-CVEs

Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013)

PoC: CVE-2021-41773-EXPLOIT

Apache version 2.4.49 & 2.4.50 is vulnerable to a directory traversal attack that could allow attackers to reveal sensitive information or gain remote code execution.

PoC: docker-cve-2021-41773

A little demonstration of cve-2021-41773 on httpd docker containers

PoC: apache2.4.49VulnerableLabSetup

CVE-2021-41773 vulnerable apache version 2.4.49 lab set-up.

PoC: exploit-apache2-cve-2021-41773

Exploit for path transversal vulnerability in apache

PoC: CVE-2021-41773

Vulnerable configuration Apache HTTP Server version 2.4.49

PoC: CVE-2021-41773-Apache-RCE

Apache Exploitation

PoC: CVE-2021-41773

Apache 2.4.49 & 2.4.50 LFI to RCE exploit

PoC: CVE-2021-41773

CVE-2021-41773 Gaurav Raj's exploit modified by Plunder

PoC: Mitigation-Apache-CVE-2021-41773-

Mitigation/fix of CVE-2021-41773 A Path Traversal And File Disclosure Vulnerability In Apache

PoC: CVE-2021-41773-Apache-RCE

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This i

PoC: CVE-2021-41773

CVE-2021-41773 | Apache HTTP Server 2.4.49 is vulnerable to Path Traversal and Remote Code execution attacks

PoC: CVE-2021-41773-Scanner

CVE-2021-41773 Shodan scanner

PoC: netsec-polygon

Environment for CVE-2021-41773 recreation.

PoC: CVE-2021-41773

Small PoC of CVE-2021-41773

PoC: CVE-2021-41773-exercise

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and not earlier v

PoC: CVE-2021-41773-exploiter

School project - Please use other repos for actual testing

PoC: CVE-2021-41773

This program detects an RCE flaw on Apache 2.4.49 and Apache 2.4.50 servers

PoC: Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

PoC: CVE-2021-41773

Setup vulnerable environment

PoC: Scanner-CVE-2021-41773

An automatic scanner to apache 2.4.49

PoC: CVE-2021-41773

Poc CVE-2021-41773 - Apache 2.4.49 with CGI enabled

PoC: cve-2021-41773

cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49

PoC: CVE-2021-41773

The first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49.

PoC: cve-2021-41773-docker-lab

Docker container lab to play/learn with CVE-2021-41773

PoC: CVE-2021-41773

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

PoC: CVE-2021-41773

Apache 2.4.49 Exploit

PoC: CVE-2021-41773

CVE-2021-41773 exploit PoC with Docker setup.
