CVE-2021-41773

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49

CVSS 7.5 HIGH | EPSS 100.0% | ● KEV | CWE-22

In summary

Apache HTTP Server 2.4.49 has a flaw in the way it processes file paths, allowing attackers to access files outside the intended directories through specially crafted URLs. If those files are not properly protected, attackers can read sensitive data or, if CGI scripts are enabled, execute malicious code.

Technical detail

A path normalization bypass in Apache 2.4.49 allows directory traversal attacks to map URLs to files outside the scope of Alias-like directives. The vulnerability requires that files outside the configured directories lack the default "require all denied" protection; exploitation can lead to information disclosure or RCE if CGI execution is allowed on aliased paths. It affects only version 2.4.49 and is actively exploited in the wild.

Summary generated and translated by AI from the official description.
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Public PoCs found: 150
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
