CVE-2021-41773

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

CVSS 7.5 HIGH | EPSS 100.0% | KEV | CWE-22

In summary

Apache HTTP Server 2.4.49 has a flaw in how it processes file paths, allowing attackers to reach files outside the intended directories through specially crafted URLs. If those files are not adequately protected, attackers can read sensitive data or, if CGI scripts are enabled, execute malicious code.

Technical detail

A path normalization bypass in Apache 2.4.49 allows path traversal attacks to map URLs to files outside the scope of Alias-type directives. The vulnerability requires that files outside the configured directories lack the default "require all denied" protection; exploitation can lead to information disclosure, or to RCE if CGI execution is allowed on aliased paths. It affects only version 2.4.49 and is actively exploited in the wild.

Summary generated and translated by AI from the official description.
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
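The description above makes exploitation conditional on two configuration facts: files outside the aliased directories are reachable because the usual "require all denied" default is missing, and CGI is enabled on aliased paths. The following httpd.conf fragment is an added illustration written for this page, not configuration taken from the advisory or from the Apache project; the directory paths /var/www/static and /srv/app are placeholders. It shows the weak Alias-only setup beside the hardened form that keeps the filesystem root denied and grants access only inside the directory the Alias maps to.

```apacheconf
# Added example (not from this page or the Apache project); paths are placeholders.

# Weak: the filesystem root is opened up, so any file the server maps to a
# location outside the intended directory is served as well.
# <Directory />
#     Require all granted
# </Directory>
# Alias /static/ "/var/www/static/"

# Hardened: keep the default deny on the filesystem root ...
<Directory />
    AllowOverride None
    Require all denied
</Directory>

# ... and grant access only inside the directory the Alias maps to.
Alias /static/ "/var/www/static/"
<Directory "/var/www/static/">
    Options None
    AllowOverride None
    Require all granted
</Directory>

# The advisory notes that CGI execution on aliased paths turns file
# disclosure into remote code execution, so leave ScriptAlias and
# Options +ExecCGI off for any aliased directory that does not need them.
# ScriptAlias /cgi-bin/ "/srv/app/cgi-bin/"
```

This configuration hardening only reduces what a traversal can reach; it is a compensating control, not a substitute for upgrading. Because the 2.4.50 fix was incomplete (CVE-2021-42013, as the description states), the version to move to is 2.4.51 or later.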
Public PoCs found: 150 (source, URL, count as shown on the page)

github  github.com/blasty/CVE-2021-41773  210
github  github.com/inbug-team/CVE-2021-41773_CVE-2021-42013  147
github  github.com/HightechSec/scarce-apache2  63
github  github.com/MrCl0wnLab/SimplesApachePathTraversal  62
github  github.com/iilegacyyii/PoC-CVE-2021-41773  52
github  github.com/lorddemon/CVE-2021-41773-PoC  39
github  github.com/Vulnmachines/cve-2021-41773  38
github  github.com/justakazh/mass_cve-2021-41773  29
github  github.com/BlueTeamSteve/CVE-2021-41773  23
github  github.com/im-hanzou/apachrot  22
github  github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013  20
github  github.com/ZephrFish/CVE-2021-41773-PoC  17
github  github.com/wangfly-me/Apache_Penetration_Tool  14
github  github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution  13
github  github.com/j4k0m/CVE-2021-41773  13
github  github.com/Zeop-CyberSec/apache_normalize_path  12
github  github.com/itsecurityco/CVE-2021-41773  12
github  github.com/zeronine9/CVE-2021-41773  11
github  github.com/mr-exo/CVE-2021-41773  11
github  github.com/1nhann/CVE-2021-41773  9
github  github.com/aqiao-jashell/CVE-2021-41773  9
github  github.com/theLSA/apache-httpd-path-traversal-checker  9
github  github.com/knqyf263/CVE-2021-41773  9
github  github.com/numanturle/CVE-2021-41773  8
github  github.com/creadpag/CVE-2021-41773-POC  8
github  github.com/0xRar/CVE-2021-41773  7
github  github.com/aqiao-jashell/py-CVE-2021-41773  7
github  github.com/Hydragyrum/CVE-2021-41773-Playground  6
github  github.com/TishcaTpx/POC-CVE-2021-41773  6
github  github.com/noflowpls/CVE-2021-41773  6
github  github.com/RevShellXD/LFI-Destruction  4
github  github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits  4
github  github.com/apapedulimu/Apachuk  4
github  github.com/LudovicPatho/CVE-2021-41773  4
github  github.com/jbovet/CVE-2021-41773  4
github  github.com/twseptian/cve-2021-41773  4
github  github.com/superzerosec/CVE-2021-41773  3
github  github.com/Habib0x0/CVE-2021-41773  3
github  github.com/habibiefaried/CVE-2021-41773-PoC  3
github  github.com/Soliux/CVE-2021-41773  2
github  github.com/jheeree/Simple-CVE-2021-41773-checker  2
github  github.com/iosifache/ApacheRCEEssay  2
github  github.com/Kouf320/docker-lab-cve-2017-5638-cve-2021-41773  2
github  github.com/CyberQuestor-infosec/CVE-2021-41773-Apache_2.4.49-Path-traversal-to-RCE  2
github  github.com/lopqto/CVE-2021-41773_Honeypot  2
github  github.com/walnutsecurity/cve-2021-41773  2
github  github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE  2
github  github.com/orangmuda/CVE-2021-41773  2
github  github.com/5gstudent/cve-2021-41773-and-cve-2021-42013  2
github  github.com/mightysai1997/CVE-2021-41773S  1
github  github.com/klmntbelgium/cve-2021-41773-exploration  1
github  github.com/im2sinister/CVE-2021-41773  1
github  github.com/AssassinUKG/CVE-2021-41773  1
github  github.com/masahiro331/CVE-2021-41773  1
github  github.com/PentesterGuruji/CVE-2021-41773  1
github  github.com/r00tVen0m/CVE-2021-41773  1
github  github.com/n3k00n3/CVE-2021-41773  1
github  github.com/vinhjaxt/CVE-2021-41773-exploit  1
github  github.com/shellreaper/CVE-2021-41773  1
github  github.com/corelight/CVE-2021-41773  1
github  github.com/EagleTube/CVE-2021-41773  1
github  github.com/ksanchezcld/httpd-2.4.49  1
github  github.com/zerodaywolf/CVE-2021-41773_42013  1
github  github.com/MazX0p/CVE-2021-41773  1
github  github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit  1
github  github.com/kubota/POC-CVE-2021-41773  1
github  github.com/mightysai1997/CVE-2021-41773m  1
github  github.com/TheKernelPanic/exploit-apache2-cve-2021-41773  1
github  github.com/retrymp3/apache2.4.49VulnerableLabSetup  1
github  github.com/Iris288/CVE-2021-41773  1
github  github.com/psibot/apache-vulnerable  1
github  github.com/charanvoonna/CVE-2021-41773  1
github  github.com/adrianmafandy/CVE-2021-41773  1
github  github.com/pirenga/CVE-2021-41773  0
github  github.com/abds059/APACHE-PATH-TRAVERSAL-RCE-CVE-2021-41773-  0
github  github.com/xMohamed0/CVE-2021-41773  0
github  github.com/i6c/MASS_CVE-2021-41773  0
github  github.com/skentagon/CVE-2021-41773  0
github  github.com/bernardas/netsec-polygon  0
github  github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt  0
github  github.com/anldori/CVE-2021-41773-Scanner  0
github  github.com/shiomiyan/CVE-2021-41773  0
github  github.com/Hattan515/POC-CVE-2021-41773  0
github  github.com/pwn3z/CVE-2021-41773-Apache-RCE  0
github  github.com/EkamSinghWalia/Mitigation-Apache-CVE-2021-41773-  0
github  github.com/mightysai1997/cve-2021-41773  0
github  github.com/mightysai1997/CVE-2021-41773h  0
github  github.com/mightysai1997/cve-2021-41773-v-  0
github  github.com/mightysai1997/CVE-2021-41773-i-  0
github  github.com/mightysai1997/CVE-2021-41773-L-  0
github  github.com/mightysai1997/CVE-2021-41773-PoC  0
github  github.com/mightysai1997/CVE-2021-41773.git1  0
github  github.com/fnatalucci/CVE-2021-41773-RCE  0
github  github.com/sixpacksecurity/CVE-2021-41773  0
github  github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773  0
github  github.com/ranggaggngntt/CVE-2021-41773  0
github  github.com/mohwahyudi/cve-2021-41773  0
github  github.com/12345qwert123456/CVE-2021-41773  0
github  github.com/TAI-REx/cve-2021-41773-nse  0
github  github.com/JKIM72403/CS4277-CVE-Path-Traversal-Apache-HTTP-Server  0
github  github.com/a24ac1/CVE-2021-41773-PoC  0
github  github.com/MatanelGordon/docker-cve-2021-41773  0
github  github.com/0xGabe/Apache-CVEs  0
github  github.com/Areeba-Zehra-Jafri/CVE-2021-41773---Apache-Path-Traversal---RCE  0
github  github.com/vida003/Scanner-CVE-2021-41773  0
github  github.com/ch4os443/CVE-2021-41773  0
github  github.com/wolf1892/CVE-2021-41773  0
github  github.com/sobanahmed6061/CVE-2021-41773-RedTeam  0
github  github.com/b1tsec/CVE-2021-41773  0
github  github.com/fxdyx-a/CVE-2021-41773-POC  0
github  github.com/Maybe4a6f7365/CVE-2021-41773  0
github  github.com/0xc4t/CVE-2021-41773  0
github  github.com/jkska23/Additive-Vulnerability-Analysis-CVE-2021-41773  0
github  github.com/redspy-sec/CVE-2021-41773  0
github  github.com/luongchivi/Preproduce-CVE-2021-41773  0
github  github.com/FakesiteSecurity/CVE-2021-41773  0
github  github.com/Taldrid1/cve-2021-41773  0
github  github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773  0
github  github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013  0
github  github.com/javaamo/CVE-2021-41773  0
github  github.com/ashique-thaha/CVE-2021-41773-POC  0
github  github.com/khaidtraivch/CVE-2021-41773-Apache-2.4.49-  0
github  github.com/JIYUN02/cve-2021-41773  0
github  github.com/AzkOsDev/CVE-2021-41773  0
github  github.com/Joapath/CVE-2021-41773  0
github  github.com/blu3ming/PoC-CVE-2021-41773  0
github  github.com/r0otk3r/CVE-2021-41773  0
github  github.com/mah4nzfr/CVE-2021-41773  0
github  github.com/hackedrishi/CTF_WRITEUPS-TryHackMe-CVE-2021-41773-  0
github  github.com/MuhammadHuzaifaAsif/security-lab  0
github  github.com/gunzf0x/CVE-2021-41773  0
github  github.com/Mahfujurjust/CVE-2021-41773  0
github  github.com/faizdotid/CVE-2021-41773  0
github  github.com/ChanaPCN/CVE-2021-41773-Analysis  0
github  github.com/sudo0xksh/cve-2021-41773-checker  0
github  github.com/dserdyk3-arch/Serdyuk-DO-homework-CVE-2021-41773  0
github  github.com/ISabbiI/PoC-Apache-CVE-2021-41773-Infrastructure-LAB  0
github  github.com/Nanxsec/exploitApache  0
github  github.com/zubairahm3d/apache-cve-2021-41773-lab  0
github  github.com/tsiddiquea/cve-reproduction-lab  0
github  github.com/LayarKacaSiber/CVE-2021-41773  0
github  github.com/BabyTeam1024/CVE-2021-41773  0
github  github.com/twseptian/cve-2021-41773-docker-lab  0
github  github.com/TheLastVvV/CVE-2021-41773  0
cve_reference  packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html  unverified
cve_reference  packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html  unverified
exploitdb  www.exploit-db.com/exploits/50383  unverified
cve_reference  packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html  unverified
exploitdb  www.exploit-db.com/exploits/50512  unverified
cve_reference  packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html  unverified
⚠ Public resources, intended for assessing the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →