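I. Basic information for vulnerability CVE-2021-41773
Vulnerability title
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: AIGC Shenlong large model
Vulnerability description
Apache HTTP Server 2.4.49 has a path traversal and file disclosure vulnerability
Source: AIGC Shenlong large model
CVSS information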
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
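Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper limitation of a pathname (path traversal)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Apache HTTP Server path traversal vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Apache HTTP Server is an open-source web server from the Apache Foundation in the United States. The server is fast, reliable, and extensible through a simple API. Apache HTTP Server 2.4.49 has a path traversal vulnerability; an attacker can exploit it with a path traversal attack to map URLs to files outside the expected document root.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information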
N/A
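Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Path traversal
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for vulnerability CVE-2021-41773
# PoC description Source link Shenlong link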
1 CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. https://github.com/Vulnmachines/cve-2021-41773 PoC details
2 CVE-2021-41773 https://github.com/numanturle/CVE-2021-41773 PoC details
3 Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) https://github.com/knqyf263/CVE-2021-41773 PoC details
4 None https://github.com/ZephrFish/CVE-2021-41773-PoC PoC details
5 None https://github.com/iilegacyyii/PoC-CVE-2021-41773 PoC details
6 None https://github.com/masahiro331/CVE-2021-41773 PoC details
7 Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49. https://github.com/j4k0m/CVE-2021-41773 PoC details
8 Poc.py https://github.com/TishcaTpx/POC-CVE-2021-41773 PoC details
9 None https://github.com/lorddemon/CVE-2021-41773-PoC PoC details
10 Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013 PoC details
11 CVE-2021-41773 POC with Docker https://github.com/itsecurityco/CVE-2021-41773 PoC details
12 PoC for CVE-2021-41773 with docker to demonstrate https://github.com/habibiefaried/CVE-2021-41773-PoC PoC details
13 CVE-2021-41773 https://github.com/creadpag/CVE-2021-41773-POC PoC details
14 CVE-2021-41773.nse https://github.com/TAI-REx/cve-2021-41773-nse PoC details
15 CVE-2021-41773 playground https://github.com/blasty/CVE-2021-41773 PoC details
16 Path Traversal vulnerability in Apache 2.4.49 https://github.com/PentesterGuruji/CVE-2021-41773 PoC details
17 Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) https://github.com/jbovet/CVE-2021-41773 PoC details
18 None https://github.com/mohwahyudi/cve-2021-41773 PoC details
19 Reproduction of CVE-2021-41773 https://github.com/1nhann/CVE-2021-41773 PoC details
20 None https://github.com/ranggaggngntt/CVE-2021-41773 PoC details
21 Vulnerable docker images for CVE-2021-41773 https://github.com/BlueTeamSteve/CVE-2021-41773 PoC details
22 Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50) https://github.com/Zeop-CyberSec/apache_normalize_path PoC details
23 None https://github.com/r00tVen0m/CVE-2021-41773 PoC details
24 exploit to CVE-2021-41773 https://github.com/n3k00n3/CVE-2021-41773 PoC details
25 None https://github.com/fnatalucci/CVE-2021-41773-RCE PoC details
26 Apache 2.4.49 https://github.com/AssassinUKG/CVE-2021-41773 PoC details
27 Simple bash script for checking multiple hosts for CVE-2021-41773 (Apache) https://github.com/jheeree/Simple-CVE-2021-41773-checker PoC details
28 Apache HTTPd (2.4.49) – Local File Disclosure (LFI) https://github.com/orangmuda/CVE-2021-41773 PoC details
29 A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public https://github.com/HightechSec/scarce-apache2 PoC details
30 CVE-2021-41773, poc, exploit https://github.com/vinhjaxt/CVE-2021-41773-exploit PoC details
31 CVE-2021-41773 exploit PoC with Docker setup. https://github.com/sixpacksecurity/CVE-2021-41773 PoC details
32 None https://github.com/Hattan515/POC-CVE-2021-41773 PoC details
33 CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited https://github.com/twseptian/cve-2021-41773 PoC details
34 CVE-2021-41773 https://github.com/noflowpls/CVE-2021-41773 PoC details
35 Apache 2.4.49 Exploit https://github.com/McSl0vv/CVE-2021-41773 PoC details
36 None https://github.com/shiomiyan/CVE-2021-41773 PoC details
37 MASS CVE-2021-41773 https://github.com/justakazh/mass_cve-2021-41773 PoC details
38 Mass exploitation CVE-2021-41773 and auto detect possible RCE https://github.com/Sakura-nee/CVE-2021-41773 PoC details
39 This is a simple POC for Apache/2.4.49 Path Traversal Vulnerability https://github.com/shellreaper/CVE-2021-41773 PoC details
40 Exploit for Apache 2.4.49 https://github.com/0xRar/CVE-2021-41773 PoC details
41 None https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt PoC details
42 A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013) https://github.com/corelight/CVE-2021-41773 PoC details
43 Fast python tool to test apache path traversal CVE-2021-41773 in a List of url https://github.com/zeronine9/CVE-2021-41773 PoC details
44 A Python script to check if an Apache web server is vulnerable to CVE-2021-41773 https://github.com/b1tsec/CVE-2021-41773 PoC details
45 POC https://github.com/superzerosec/CVE-2021-41773 PoC details
46 Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker https://github.com/im-hanzou/apachrot PoC details
47 Batch detection tool for the CVE-2021-41773 and CVE-2021-42013 vulnerabilities https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013 PoC details
48 Batch detection script for cve-2021-41773, i.e. cve-2021-42013 https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013 PoC details
49 Apache 2.4.49 Path Traversal Vulnerability Checker https://github.com/EagleTube/CVE-2021-41773 PoC details
50 None https://github.com/cgddgc/CVE-2021-41773-42013 PoC details
51 CVE-2021-41773 Grabber https://github.com/apapedulimu/Apachuk PoC details
52 Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE https://github.com/scarmandef/CVE-2021-41773 PoC details
53 Path Traversal and RCE in Apache HTTP Server 2.4.49 https://github.com/0xAlmighty/CVE-2021-41773-PoC PoC details
54 critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) https://github.com/ksanchezcld/httpd-2.4.49 PoC details
55 Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519 https://github.com/MrCl0wnLab/SimplesApachePathTraversal PoC details
56 apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013) https://github.com/theLSA/apache-httpd-path-traversal-checker PoC details
57 The first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49. https://github.com/LudovicPatho/CVE-2021-41773 PoC details
58 Simple honeypot for CVE-2021-41773 vulnerability https://github.com/lopqto/CVE-2021-41773_Honeypot PoC details
59 Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50). https://github.com/zerodaywolf/CVE-2021-41773_42013 PoC details
60 None https://github.com/qwutony/CVE-2021-41773 PoC details
61 None https://github.com/LayarKacaSiber/CVE-2021-41773 PoC details
62 None https://github.com/BabyTeam1024/CVE-2021-41773 PoC details
63 cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49 https://github.com/walnutsecurity/cve-2021-41773 PoC details
64 Poc CVE-2021-41773 - Apache 2.4.49 with CGI enabled https://github.com/TheLastVvV/CVE-2021-41773 PoC details
65 None https://github.com/MazX0p/CVE-2021-41773 PoC details
66 An automatic scanner to apache 2.4.49 https://github.com/vida003/Scanner-CVE-2021-41773 PoC details
67 Remote Code Execution exploit for Apache servers. Affected versions: Apache 2.4.49, Apache 2.4.50 https://github.com/mr-exo/CVE-2021-41773 PoC details
68 Setup vulnerable environment https://github.com/wolf1892/CVE-2021-41773 PoC details
69 Some docker images to play with CVE-2021-41773 and CVE-2021-42013 https://github.com/Hydragyrum/CVE-2021-41773-Playground PoC details
70 This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013). https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit PoC details
71 This program detects an RCE flaw on Apache 2.4.49 and Apache 2.4.50 servers https://github.com/pirenga/CVE-2021-41773 PoC details
72 None https://github.com/kubota/POC-CVE-2021-41773 PoC details
73 None https://github.com/xMohamed0/CVE-2021-41773 PoC details
74 None https://github.com/i6c/MASS_CVE-2021-41773 PoC details
75 School project - Please use other repos for actual testing https://github.com/norrig/CVE-2021-41773-exploiter PoC details
76 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and not earlier versions. Credits to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773 https://github.com/m96dg/CVE-2021-41773-exercise PoC details
77 None https://github.com/skentagon/CVE-2021-41773 PoC details
78 These Metasploit, Nmap, Python and Ruby scripts detect and exploit CVE-2021-41773 with RCE and local file disclosure. https://github.com/mauricelambert/CVE-2021-41773 PoC details
79 Small PoC of CVE-2021-41773 https://github.com/the29a/CVE-2021-41773 PoC details
80 Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773 https://github.com/thehackersbrain/CVE-2021-41773 PoC details
81 None https://github.com/honypot/CVE-2021-41773 PoC details
82 None https://github.com/Fa1c0n35/CVE-2021-41773 PoC details
83 None https://github.com/puckiestyle/CVE-2021-41773 PoC details
84 None https://github.com/zer0qs/CVE-2021-41773 PoC details
85 None https://github.com/DoTuan1/Reserch-CVE-2021-41773 PoC details
86 Environment for CVE-2021-41773 recreation. https://github.com/bernardas/netsec-polygon PoC details
87 CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50) https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit PoC details
88 None https://github.com/vuongnv3389-sec/cve-2021-41773 PoC details
89 None https://github.com/Chocapikk/CVE-2021-41773 PoC details
90 Graphical vulnerability detection and exploitation tool for CVE-2021-41773 & CVE-2021-42013 https://github.com/wangfly-me/Apache_Penetration_Tool PoC details
91 CVE-2021-41773 Shodan scanner https://github.com/anldori/CVE-2021-41773-Scanner PoC details
92 Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️ https://github.com/iosifache/ApacheRCEEssay PoC details
93 CVE-2021-41773 | Apache HTTP Server 2.4.49 is vulnerable to Path Traversal and Remote Code execution attacks https://github.com/Habib0x0/CVE-2021-41773 PoC details
94 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. https://github.com/pwn3z/CVE-2021-41773-Apache-RCE PoC details
95 Mitigation/fix of CVE-2021-41773 A Path Traversal And File Disclosure Vulnerability In Apache https://github.com/EkamSinghWalia/Mitigation-Apache-CVE-2021-41773- PoC details
96 CVE-2021-41773 Gaurav Raj's exploit modified by Plunder https://github.com/Plunder283/CVE-2021-41773 PoC details
97 None https://github.com/mightysai1997/cve-2021-41773 PoC details
98 None https://github.com/mightysai1997/CVE-2021-41773h PoC details
99 None https://github.com/mightysai1997/cve-2021-41773-v- PoC details
100 None https://github.com/mightysai1997/CVE-2021-41773-i- PoC details
101 None https://github.com/mightysai1997/CVE-2021-41773-L- PoC details
102 None https://github.com/mightysai1997/CVE-2021-41773-PoC PoC details
103 None https://github.com/mightysai1997/CVE-2021-41773.git1 PoC details
104 None https://github.com/mightysai1997/CVE-2021-41773m PoC details
105 None https://github.com/mightysai1997/CVE-2021-41773S PoC details
106 None https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773 PoC details
107 apache path traversal vulnerability poc&exp https://github.com/aqiao-jashell/CVE-2021-41773 PoC details
108 apache path traversal poc&exp written in python https://github.com/aqiao-jashell/py-CVE-2021-41773 PoC details
109 Vulnerable configuration Apache HTTP Server version 2.4.49 https://github.com/12345qwert123456/CVE-2021-41773 PoC details
110 Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013) https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution PoC details
111 Exploit for path traversal vulnerability in apache https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773 PoC details
112 CVE-2021-41773 vulnerable apache version 2.4.49 lab set-up. https://github.com/retrymp3/apache2.4.49VulnerableLabSetup PoC details
113 A little demonstration of cve-2021-41773 on httpd docker containers https://github.com/MatanelGordon/docker-cve-2021-41773 PoC details
114 Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013) https://github.com/0xGabe/Apache-CVEs PoC details
115 Exploit CVE-2021-41773 and CVE-2021-42013 https://github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits PoC details
116 Simple Metasploit-Framework module for conducting website penetration tests (CVE-2021-41773). https://github.com/belajarqywok/CVE-2021-41773-MSF PoC details
117 None https://github.com/Iris288/CVE-2021-41773 PoC details
118 None https://github.com/ilurer/CVE-2021-41773-42013 PoC details
119 CVE-2021-41773, CVE-2021-42013 https://github.com/OpenCVEs/CVE-2021-41773 PoC details
120 CVE-2021-41773.py https://github.com/Maybe4a6f7365/CVE-2021-41773 PoC details
121 None https://github.com/5l1v3r1/CVE-2021-41773-42013 PoC details
122 POC & Lab For CVE-2021-41773 https://github.com/0xc4t/CVE-2021-41773 PoC details
123 Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test. https://github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE PoC details
124 Apache: a Mainstream Web Service Turned a Vector of Attack for Remote Code Execution https://github.com/jkska23/Additive-Vulnerability-Analysis-CVE-2021-41773 PoC details
125 This document provides step-by-step instructions on performing a proof of concept (PoC) exploit on Apache HTTP Server 2.4.29, taking advantage of the path traversal vulnerability (CVE-2021-41773) and the globally accessible /tmp folder on Linux and MITIGATION https://github.com/nwclasantha/Apache_2.4.29_Exploit PoC details
126 None https://github.com/redspy-sec/CVE-2021-41773 PoC details
127 MASS CVE-2021-41773 https://github.com/FakesiteSecurity/CVE-2021-41773 PoC details
128 None https://github.com/Taldrid1/cve-2021-41773 PoC details
129 This repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains an LFI and RCE vulnerability. https://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773 PoC details
130 Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE https://github.com/ch4os443/CVE-2021-41773 PoC details
131 In this project, I documented a detailed penetration testing process targeting Apache HTTP Server vulnerabilities, specifically CVE-2021-41773 and CVE-2021-42013, which involve Path Traversal and Remote Code Execution (RCE). https://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013 PoC details
132 CVE-2021-41773 https://github.com/javaamo/CVE-2021-41773 PoC details
133 The POC and Lab setup documentation of CVE 2021 41773 https://github.com/ashique-thaha/CVE-2021-41773-POC PoC details
134 On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this. https://github.com/Soliux/CVE-2021-41773 PoC details
135 None https://github.com/luongchivi/CVE-2021-41773 PoC details
136 None https://github.com/luongchivi/Preproduce-CVE-2021-41773 PoC details
137 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-41773.yaml PoC details
138 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTPd%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-41773.md PoC details
139 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTP%20Server%202.4.49%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-41773.md PoC details
140 None https://github.com/chaitin/xray-plugins/blob/main/poc/manual/apache-httpd-cve-2021-41773-rce.yml PoC details
141 https://github.com/vulhub/vulhub/blob/master/httpd/CVE-2021-41773/README.md PoC details
142 Penetration testing https://github.com/khaidtraivch/CVE-2021-41773-Apache-2.4.49- PoC details
III. Intelligence information for vulnerability CVE-2021-41773