CVE-2021-42013

Published: 07/10/2021 Updated: 25/10/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

Vulnerable Products

apache http server 2.4.49

apache http server 2.4.50

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests ca ...
Arch Linux Security Advisory ASA-202110-1; Severity: Critical; Date: 2021-10-21; CVE-ID: CVE-2021-42013; Package: apache; Type: directory traversal; Remote: Yes; Link: security.archlinux.org/AVG-2450; Summary: The package apache before version 2.4.51-1 is vulnerable to directory t ...
On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: CVE-2021-41524: Null Pointer Dereference Vulnerability; CVE-2021-41773: Path Traversal and Remote Code Execution Vulnerability; CVE-2021-42013: Path Traversal and Remote ...

Mailing Lists

Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities ...
Thanks Yann, I'm happy you agree with my analysis. It also seems to match the one by your colleague Stefan (that you referenced). I just wanted to clarify that the impact of both CVEs is exactly the same: RCE and/or arbitrary file read and/or none, depending on httpd config :-) There's no difference between Apache 2.4.49 and 2.4.50 in that regard ...
On Sat, Oct 9, 2021 at 8:00 PM Roman Medina-Heigl Hernandez <roman () rs-labs com> wrote: I appreciate this nuance in your tweetS. For completeness :) I'll note that most configs (default, vendors, distros) are not vulnerable to the RCE. The removal of "<Directory/> require all denied" is an exploit httpd can do nothing about. httpd p ...
On Fri, Oct 08, 2021 at 08:37:33PM +0200, Yann Ylavic wrote: Yann is probably referring to the full tweet thread by Roman, not just the one tweet that Roman posted in here. Let me correct that: --- Román Medina-Heigl Hernández @roman_soft RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013): root@CT406:~# curl 'htt ...
Hi, I posted RCE exploit for this (it works for both CVEs: 41773 & 42013) and some other details regarding requirements / exploitability, which you may find useful at: twitter.com/roman_soft/status/1446252280597078024 Excerpt (for the sake of ml-archive): RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-4201 ...

Github Repositories

CVE-2021-42013-Lab Docker container lab to play/learn with CVE-2021-42013

CVE-2021-42013 - Apache HTTP Server 2.4.50 How to Run the CVE-2021-42013 Path Traversal Lab: 1) Install and run Docker on your PC/laptop 2) Clone this GitHub repo 3) Go to the Path Traversal folder 4) Enter the following commands: docker build -t cve-2021-42013-path-traversal and docker run --rm -dit -p 8888:80 cve-2021-42013-path-traversal 5) Access it with a browser using

CVE-2021-42013-Lab Docker container lab to play/learn with CVE-2021-42013 File disclosure: $ docker build -t apache-default default_conf $ docker run -dit --name apache-app -p 81:80 apache-default PoC $ curl -s --path-as-is "1721702:80/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65

CVE-2021-42013 Poc CVE-2021-42013 - Apache 2.4.50 without CGI enable Usage : chmod -x CVE-2021-42013sh /CVE-2021-42013sh ip:port/ /etc/passwd References nvd.nist.gov/vuln/detail/CVE-2021-42013 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013

CVE-2021-42013_Reverse-Shell PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI Usage : chmod -x CVE-2021-42013sh /CVE-2021-42013_reverseshellsh ip:port/ LHOST LPORT More info: chmod -x CVE-2021-42013sh /CVE-2021-42013_reverseshellsh ip:8083 100000000 9999 nc -lvnp 9999

cve-2021-42013 Apache 2.4.50 Path traversal vulnerability

apache-exploit-CVE-2021-42013 Exploit with integrated shodan search

CVE-2021-42013

CVE-2021-41773 CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited; Apache HTTP Server CVE-2021-41773 Exploited in the Wild; CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) Shodan oneliner shodan search Apache Server 2449 | awk '{print $1":"$2}' | while

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE Exploit Author: Lucas Souza lsassio Vendor Homepage: apache.org/ Version: 2.4.49, 2.4.50 Tested on: 2.4.49, 2.4.50 CVE : CVE-2021-41773, CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team Usage /PoCsh targetstxt /etc/passwd /PoCsh targetstxt /bin/sh "id"

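CVE-2021-41773_CVE-2021-42013 Multi-threaded batch detection and exploitation tool for CVE-2021-41773 and CVE-2021-42013. Introduction: This tool may only be used for security testing; do not use it for illegal purposes! Tool purpose: multi-threaded batch detection and exploitation tool for CVE-2021-41773 and CVE-2021-42013. Tool screenshots. Feedback: if you have good suggestions or find a bug. GitHub issue: github.com/inbug-team/CVE-2021-41773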

Apache (CVE-2021-41773, CVE-2021-42013) Vulnerability Checker cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013 Using GNU Parallel: You must have parallel for using this tool. Install Parallel: Linux : apt-get install parallel -y Windows : stackoverflow.com/questions/52393850/how-to-install-gnu-para

apache-httpd-path-traversal-checker apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)

What is EzpzShell? Collection Of Reverse Shell that can easily generate using different Programming Language Currently only python3 is fully updated and others still in development This repo is for my own educational purpose and I would like to refer back in future Thank you! Disclaimer: Do not use this script for illegal use Any action you take upon the information on this

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

Apache emergency update fixes incomplete patch for exploited bug
BleepingComputer • Lawrence Abrams • 07 Oct 2021

Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.
Apache HTTP Server is an open-source, cross-platform web server that powers approximately
.
 On Tuesday, Apache released Apache HTTP 2.4.50 to 
 in version 2.4.49 (tracked as CVE-2021-41773). This flaw allows threat actors to view the contents of files stored on a vulnerable server.
...

References

CWE-22
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb@%3Cusers.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/07/6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ
http://jvn.jp/en/jp/JVN51106450/index.html
http://www.openwall.com/lists/oss-security/2021/10/08/1
https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/08/2
http://www.openwall.com/lists/oss-security/2021/10/08/4
http://www.openwall.com/lists/oss-security/2021/10/08/3
http://www.openwall.com/lists/oss-security/2021/10/08/6
http://www.openwall.com/lists/oss-security/2021/10/08/5
http://www.openwall.com/lists/oss-security/2021/10/09/1
http://www.openwall.com/lists/oss-security/2021/10/11/4
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/
http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/
http://www.openwall.com/lists/oss-security/2021/10/15/3
http://www.openwall.com/lists/oss-security/2021/10/16/1
http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
https://github.com/twseptian/CVE-2021-42013-Lab
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2021-42013