一、 漏洞 CVE-2021-42013 基础信息
漏洞信息
# Apache HTTP Server 路径遍历与RCE漏洞
## 漏洞概述
Apache HTTP Server 在 2.4.50 版本中修复的 CVE-2021-41773 存在不足。攻击者可以通过路径遍历攻击将 URL 映射到配置之外的文件。如果这些目录之外的文件没有通过常规默认配置“require all denied”进行保护,这些请求可能会成功。如果这些别名路径还启用了 CGI 脚本,这可能允许远程代码执行。
## 影响版本
- Apache 2.4.49
- Apache 2.4.50
## 漏洞细节
攻击者可以利用路径遍历攻击将 URL 映射到别名配置之外的文件。默认情况下,这些外部文件并未受到安全限制,因此访问请求可能会成功。此外,如果启用 CGI 脚本,这能进一步导致远程代码执行。
## 影响
该漏洞允许攻击者访问并可能执行配置目录之外的文件,包括启用 CGI 脚本可能导致的远程代码执行。该漏洞仅影响 Apache 2.4.49 和 2.4.50 版本。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
来源:美国国家漏洞数据库 NVD
漏洞描述信息
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
对路径名的限制不恰当(路径遍历)
来源:美国国家漏洞数据库 NVD
漏洞标题
Apache HTTP Server 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 存在安全漏洞,该漏洞源于发现 Apache HTTP Server 2.4.50 版本中对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件不受通常的默认配置“要求全部拒绝”的保护,则这些请求可能会成功。如果还为这些别
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2021-42013 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Exploit with integrated shodan search | https://github.com/andrea-mattioli/apache-exploit-CVE-2021-42013 | POC详情 |
| 2 | Apache 2.4.50 Path traversal vulnerability | https://github.com/Vulnmachines/cve-2021-42013 | POC详情 |
| 3 | Docker container lab to play/learn with CVE-2021-42013 | https://github.com/twseptian/cve-2021-42013-docker-lab | POC详情 |
| 4 | None | https://github.com/LayarKacaSiber/CVE-2021-42013 | POC详情 |
| 5 | Poc CVE-2021-42013 - Apache 2.4.50 without CGI | https://github.com/TheLastVvV/CVE-2021-42013 | POC详情 |
| 6 | PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI | https://github.com/TheLastVvV/CVE-2021-42013_Reverse-Shell | POC详情 |
| 7 | cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50 | https://github.com/walnutsecurity/cve-2021-42013 | POC详情 |
| 8 | Exploit Apache 2.4.50(CVE-2021-42013) | https://github.com/robotsense1337/CVE-2021-42013 | POC详情 |
| 9 | None | https://github.com/xMohamed0/CVE-2021-42013-ApacheRCE | POC详情 |
| 10 | Apache 远程代码执行 (CVE-2021-42013)批量检测工具:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点,发现 Apache HTTP Server 2.4.50 中针对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件不受通常的默认配置“要求全部拒绝”的保护,则这些请求可能会成功。如果还为这些别名路径启用了 CGI 脚本,则这可能允许远程代码执行。此问题仅影响 Apache 2.4.49 和 Apache 2.4.50,而不影响更早版本。 | https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-Poc-Exp | POC详情 |
| 11 | CVE-2021-42013-exp | https://github.com/rnsss/CVE-2021-42013 | POC详情 |
| 12 | Apache HTTP Server 2.4.50 - RCE Lab | https://github.com/jas9reet/CVE-2021-42013-LAB | POC详情 |
| 13 | These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure. | https://github.com/mauricelambert/CVE-2021-42013 | POC详情 |
| 14 | None | https://github.com/honypot/CVE-2021-42013 | POC详情 |
| 15 | None | https://github.com/Adashz/CVE-2021-42013 | POC详情 |
| 16 | CVE-2021-42013 - Apache 2.4.50 | https://github.com/hadrian3689/apache_2.4.50 | POC详情 |
| 17 | Exploit for Apache 2.4.50 (CVE-2021-42013) | https://github.com/viliuspovilaika/cve-2021-42013 | POC详情 |
| 18 | Apache 2.4.49-50 Remote Code Execution Exploit | https://github.com/theykillmeslowly/CVE-2021-42013 | POC详情 |
| 19 | None | https://github.com/mightysai1997/cve-2021-42013 | POC详情 |
| 20 | None | https://github.com/mightysai1997/cve-2021-42013L | POC详情 |
| 21 | None | https://github.com/mightysai1997/cve-2021-42013.get | POC详情 |
| 22 | Vulnerable configuration Apache HTTP Server version 2.4.49/2.4.50 | https://github.com/12345qwert123456/CVE-2021-42013 | POC详情 |
| 23 | CVE: 2021-42013 Tested on: 2.4.49 and 2.4.50 Description: Path Traversal or Remote Code Execution vulnerabilities in Apache 2.4.49 and 2.4.50 | https://github.com/cybfar/cve-2021-42013-httpd | POC详情 |
| 24 | Exploring CVE-2021-42013, using Suricata and OpenVAS to gather info | https://github.com/vudala/CVE-2021-42013 | POC详情 |
| 25 | Apache 2.4.50 Automated Remote Code Execution and Path traversal | https://github.com/birdlinux/CVE-2021-42013 | POC详情 |
| 26 | None | https://github.com/Hamesawian/CVE-2021-42013 | POC详情 |
| 27 | A PoC exploit for CVE-2021-42013 - Apache 2.4.49 & 2.4.50 Remote Code Execution | https://github.com/K3ysTr0K3R/CVE-2021-42013-EXPLOIT | POC详情 |
| 28 | Apache 2.4.50 - Path Traversal or Remote Code Execution | https://github.com/Rubikcuv5/cve-2021-42013 | POC详情 |
| 29 | None | https://github.com/imhunterand/CVE-2021-42013 | POC详情 |
| 30 | CVE-2021-42013 Vulnerability Scanner This Python script checks for the Remote Code Execution (RCE) vulnerability (CVE-2021-42013) in Apache 2.4.50. | https://github.com/BassoNicolas/CVE-2021-42013 | POC详情 |
| 31 | CVE-2021-42013, a critical vulnerability in the Apache HTTP Server (2.4.50) | https://github.com/rafifdna/CVE-2021-42013 | POC详情 |
| 32 | On October 4, 2021, Apache HTTP Server Project released Security advisory on a Path traversal and File disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and CVE-2021-42013. In the advisory, Apache also highlighted “the issue is known to be exploited in the wild” and later it was identified that the vulnerabi | https://github.com/Jhonsonwannaa/cve-2021-42013-apache | POC详情 |
| 33 | None | https://github.com/bananoname/cve-2021-42013 | POC详情 |
| 34 | On October 4, 2021, Apache HTTP Server Project released Security advisory on a Path traversal and File disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and CVE-2021-42013. In the advisory, Apache also highlighted “the issue is known to be exploited in the wild” and later it was identified that the vulnerabi | https://github.com/dream434/cve-2021-42013-apache | POC详情 |
| 35 | None | https://github.com/asepsaepdin/cve-2021-42013 | POC详情 |
| 36 | None | https://github.com/asepsaepdin/CVE-2021-42013 | POC详情 |
| 37 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-42013.yaml | POC详情 |
| 38 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTP%20Server%202.4.50%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-42013.md | POC详情 |
| 39 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTPd%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-42013.md | POC详情 |
| 40 | https://github.com/vulhub/vulhub/blob/master/httpd/CVE-2021-42013/README.md | POC详情 | |
| 41 | Una herramienta avanzada de escaneo, explotación e interacción remota diseñada para detectar y aprovechar la vulnerabilidad Apache Path Traversal + RCE (CVE-2021-42013) en servidores mal configurados. | https://github.com/Makavellik/POC-CVE-2021-42013-EXPLOIT | POC详情 |
| 42 | A powerful and reliable exploit tool for Apache HTTP Server vulnerabilities CVE-2021-41773 and CVE-2021-42013. This tool provides remote code execution capabilities on vulnerable Apache 2.4.49 and 2.4.50 servers. | https://github.com/FakhriCRD/Apache-CVE-2021-42013-RCE-Exploit | POC详情 |
三、漏洞 CVE-2021-42013 的情报信息
- https://www.povilaika.com/apache-2-4-50-exploit/ x_refsource_MISC
- http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html x_refsource_MISC
- https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
- http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html x_refsource_MISC
- http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html x_refsource_MISC
- http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html x_refsource_MISC
- http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html x_refsource_MISC
- http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20211029-0009/ x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
-
标题: Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project -- 🔗来源链接
标签: x_refsource_MISC
- http://jvn.jp/en/jp/JVN51106450/index.html third-party-advisory x_refsource_JVN
- https://security.gentoo.org/glsa/202208-20 vendor-advisory x_refsource_GENTOO
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/ vendor-advisory x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/ vendor-advisory x_refsource_FEDORA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ vendor-advisory x_refsource_CISCO
- https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E mailing-list x_refsource_MLIST
- https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/07/6 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/11/4 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/09/1 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/15/3 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/16/1 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/5 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/6 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/4 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/3 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/2 mailing-list x_refsource_MLIST
- http://www.openwall.com/lists/oss-security/2021/10/08/1 mailing-list x_refsource_MLIST
- https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E mailing-list x_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2021-42013
四、漏洞 CVE-2021-42013 的评论
暂无评论