CVE-2021-42013CISA KEV: Actively Exploited

Apache HTTP Server Path Traversal Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

Public Exploits & PoCs28 found

PoC: CVE-2022-22947-Spring-Cloud-Gateway

CVE-2021-42013批量

53

PoC: cve-2021-42013

Apache 2.4.50 Path traversal vulnerability

18

PoC: CVE-2021-42013-Apache-RCE-Poc-Exp

Apache 远程代码执行 (CVE-2021-42013)批量检测工具:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点,发现 Apache HTTP Server 2.4.50 中针对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件不受通常的默认配置“要求全部拒绝”的保护,则这些请求可能会成功。如果还为这些别名路径启用了 CGI 脚本,则这可能允许远程代码执行。此问题仅影响 Apache 2.4.49 和 Apache 2.4.50,而不影响更早版本。

9

PoC: apache-exploit-CVE-2021-42013

Exploit with integrated shodan search

9

PoC: cve-2021-42013

cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50

4

PoC: CVE-2021-42013_Reverse-Shell

PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI

4

PoC: CVE-2021-42013

Poc CVE-2021-42013 - Apache 2.4.50 without CGI

2

PoC: CVE-2021-42013

These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure.

1

PoC: CVE-2021-42013-LAB

Apache HTTP Server 2.4.50 - RCE Lab

1

PoC: CVE-2021-42013

Exploit Apache 2.4.50(CVE-2021-42013)

1

PoC: apache-cve-2021-42013-rce

Apache HTTP Server (2.4.49) üzerinde CVE-2021-42013 zafiyetini (Path Traversal & RCE) simüle eden Docker tabanlı sızma testi laboratuvarı.

PoC: CVE-2021-42013

A comprehensive Python-based vulnerability scanner for detecting CVE-2021-41773 and CVE-2021-42013 path traversal and remote code execution vulnerabilities in Apache HTTP Server versions 2.4.49 and 2.4.50.

PoC: Apache-CVE-2021-42013-RCE-Exploit

A powerful and reliable exploit tool for Apache HTTP Server vulnerabilities CVE-2021-41773 and CVE-2021-42013. This tool provides remote code execution capabilities on vulnerable Apache 2.4.49 and 2.4.50 servers.

PoC: POC-CVE-2021-42013-EXPLOIT

Una herramienta avanzada de escaneo, explotación e interacción remota diseñada para detectar y aprovechar la vulnerabilidad Apache Path Traversal + RCE (CVE-2021-42013) en servidores mal configurados.

PoC: cve-2021-42013-apache

On October 4, 2021, Apache HTTP Server Project released Security advisory on a Path traversal and File disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and CVE-2021-42013. In the advisory, Apache also highlighted “the issue is known to be exploited in the wild” and later it was identified that the vulnerabi

PoC: CVE-2021-42013

CVE-2021-42013, a critical vulnerability in the Apache HTTP Server (2.4.50)

PoC: CVE-2021-42013

CVE-2021-42013 Vulnerability Scanner This Python script checks for the Remote Code Execution (RCE) vulnerability (CVE-2021-42013) in Apache 2.4.50.

PoC: cve-2021-42013

Apache 2.4.50 - Path Traversal or Remote Code Execution

PoC: CVE-2021-42013-EXPLOIT

A PoC exploit for CVE-2021-42013 - Apache 2.4.49 & 2.4.50 Remote Code Execution

PoC: CVE-2021-42013

Apache 2.4.50 Automated Remote Code Execution and Path traversal

PoC: CVE-2021-42013

Exploring CVE-2021-42013, using Suricata and OpenVAS to gather info

PoC: cve-2021-42013-httpd

CVE: 2021-42013 Tested on: 2.4.49 and 2.4.50 Description: Path Traversal or Remote Code Execution vulnerabilities in Apache 2.4.49 and 2.4.50

PoC: CVE-2021-42013

Vulnerable configuration Apache HTTP Server version 2.4.49/2.4.50

PoC: CVE-2021-42013

Apache 2.4.49-50 Remote Code Execution Exploit

PoC: cve-2021-42013

Exploit for Apache 2.4.50 (CVE-2021-42013)

PoC: apache_2.4.50

CVE-2021-42013 - Apache 2.4.50

PoC: CVE-2021-42013

CVE-2021-42013-exp

PoC: cve-2021-42013-docker-lab

Docker container lab to play/learn with CVE-2021-42013

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free