CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-42013.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

278 lines
14 KiB
Markdown
Raw Permalink Blame History

### [CVE-2021-42013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20HTTP%20Server%202.4.49%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20HTTP%20Server%202.4.50%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brightgreen)
### Description
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
### POC
#### Reference
- http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
- http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
- http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0x7n6/OSCP
- https://github.com/0xGabe/Apache-CVEs
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xb0rn3/r3cond0g
- https://github.com/0xsyr0/OSCP
- https://github.com/12345qwert123456/CVE-2021-42013
- https://github.com/20142995/pocsuite3
- https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013
- https://github.com/AMatheusFeitosaM/OSCP-Cheat
- https://github.com/AMazkun/vuln-report-normalizer
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Adashz/CVE-2021-42013
- https://github.com/AhenKay/INPT_report
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/BassoNicolas/CVE-2021-42013
- https://github.com/CHYbeta/Vuln100Topics
- https://github.com/CHYbeta/Vuln100Topics20
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit
- https://github.com/ChalkingCode/ExploitedDucks
- https://github.com/Davida-AduGyamfi/INPT
- https://github.com/Dorsaa-Francis/inpt_report
- https://github.com/Drajoncr/AttackWebFrameworkTools
- https://github.com/EnriqueSanchezdelVillar/NotesHck
- https://github.com/EsselKobby/Virtual_Infosec_Africa_LAB
- https://github.com/FDlucifer/firece-fish
- https://github.com/Faizan-Khanx/OSCP
- https://github.com/Farrhouq/Inpt-report
- https://github.com/Gekonisko/CTF
- https://github.com/GhostTroops/TOP
- https://github.com/H0j3n/EzpzCheatSheet
- https://github.com/H0j3n/EzpzShell
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/Hamesawian/CVE-2021-42013
- https://github.com/HariCyber-Sec/hackviser-cve-labs
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Hydragyrum/CVE-2021-41773-Playground
- https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit
- https://github.com/JERRY123S/all-poc
- https://github.com/Jhonsonwannaa/Jhonsonwannaa
- https://github.com/Jhonsonwannaa/cve-2021-42013-apache
- https://github.com/JosephJMRG/apache-docker-project
- https://github.com/K3ysTr0K3R/CVE-2021-42013-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/LayarKacaSiber/CVE-2021-42013
- https://github.com/LoSunny/vulnerability-testing
- https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013
- https://github.com/Lucky9113/Automated-Vulnerability-Scanner-Management-Tool
- https://github.com/Luke-cmd/sharecode
- https://github.com/Ly0nt4r/OSCP
- https://github.com/MagicGautam/CVEs-Proof-Of-Concept
- https://github.com/Makavellik/POC-CVE-2021-42013-EXPLOIT
- https://github.com/Mallaichte/efed-management-system
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-Tree-S/POC_EXP
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/MrCl0wnLab/SimplesApachePathTraversal
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NeoOniX/5ATTACK
- https://github.com/NerokiDoki/sec-scanner-final-project
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/ReflectedThanatos/OSCP-cheatsheet
- https://github.com/Rubikcuv5/cve-2021-42013
- https://github.com/SYRTI/POC_to_review
- https://github.com/Samue290/INPT-REPORT
- https://github.com/SantoriuHen/NotesHck
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/Shadow-warrior0/Apache_path_traversal
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/SirElmard/ethical_hacking
- https://github.com/TheLastVvV/CVE-2021-42013
- https://github.com/TheLastVvV/CVE-2021-42013_Reverse-Shell
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Urbank-61/CSC180Final
- https://github.com/Urbank-61/Urbank-61-CSC180CVEProject
- https://github.com/Vamckis/Container-Security
- https://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013
- https://github.com/VishuGahlyan/OSCP
- https://github.com/Vulnmachines/cve-2021-42013
- https://github.com/WhooAmii/POC_to_review
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zeop-CyberSec/apache_normalize_path
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/Zeyad-Azima/Remedy4me
- https://github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE
- https://github.com/adugyeni/INPT_Report
- https://github.com/ahmad4fifz/CVE-2021-41773
- https://github.com/ahmad4fifz/CVE-2021-42013
- https://github.com/ahur4/unsafe
- https://github.com/allengerysena/belajar-pentest-aplikasi-web
- https://github.com/alpaykuzu/PortScanner-CVE-Tool
- https://github.com/amessedad/autoexploitGPT
- https://github.com/andrea-mattioli/apache-exploit-CVE-2021-42013
- https://github.com/anquanscan/sec-tools
- https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-Poc-Exp
- https://github.com/asepsaepdin/CVE-2021-42013
- https://github.com/azazelm3dj3d/apache-traversal
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bananoname/cve-2021-42013
- https://github.com/battleoverflow/apache-traversal
- https://github.com/birdlinux/CVE-2021-42013
- https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution
- https://github.com/cc8700619/poc
- https://github.com/cihan-atas/cyberexam-rooms
- https://github.com/cipher387/awesome-ip-search-engines
- https://github.com/corelight/CVE-2021-41773
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cybfar/cve-2021-42013-httpd
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/daffum3/internal-network-pentesting
- https://github.com/danryafuz/CS564_Project
- https://github.com/davincico/ChatGPT-2-HACKER
- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/dream434/cve-2021-42013-apache
- https://github.com/dream434/dream434
- https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist
- https://github.com/duggytuxy/Intelligence_IPv4_Blocklist
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/enciphers-team/cve-exploits
- https://github.com/enomothem/PenTestNote
- https://github.com/exfilt/CheatSheet
- https://github.com/f-this/f-apache
- https://github.com/fazilbaig1/oscp
- https://github.com/fc0d3x/softuni-recon-exam
- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks
- https://github.com/gugas1nwork/apache-traversal
- https://github.com/gwyomarch/CVE-Collection
- https://github.com/hackedrishi/CTF_WRITEUPS-TryHackMe-CVE-2021-41773-
- https://github.com/hackgnar/setc
- https://github.com/hadrian3689/apache_2.4.50
- https://github.com/heane404/CVE_scan
- https://github.com/hktalent/TOP
- https://github.com/honypot/CVE-2021-41773
- https://github.com/honypot/CVE-2021-42013
- https://github.com/huimzjty/vulwiki
- https://github.com/hungnqdz/cve
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ibrahimetecicek/Advent-of-Cyber-3-2021-
- https://github.com/im-hanzou/apachrot
- https://github.com/imhunterand/ApachSAL
- https://github.com/imhunterand/CVE-2021-42013
- https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
- https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013
- https://github.com/israelbarnabas/inpt-report
- https://github.com/jas9reet/CVE-2021-42013-LAB
- https://github.com/jaychen2/NIST-BULK-CVE-Lookup
- https://github.com/jbmihoub/all-poc
- https://github.com/jitmondal1/OSCP
- https://github.com/kellisfen/13-01.md
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kmukoo101/CVEye
- https://github.com/krlabs/apache-vulnerabilities
- https://github.com/ksanchezcld/httpd-2.4.49
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/ltfafei/my_POC
- https://github.com/lucagioacchini/auto-pen-bench
- https://github.com/macEar/cve-playground
- https://github.com/malwaremily/infosec-news-briefs
- https://github.com/mauricelambert/CVE-2021-42013
- https://github.com/mauricelambert/mauricelambert.github.io
- https://github.com/merlinepedra/AttackWebFrameworkTools-5.0
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/metecicek/Advent-of-Cyber-3-2021-
- https://github.com/micaelarg/vulnerability_scanner_public
- https://github.com/mightysai1997/-apache_2.4.50
- https://github.com/mightysai1997/cve-2021-42013
- https://github.com/mightysai1997/cve-2021-42013.get
- https://github.com/mightysai1997/cve-2021-42013L
- https://github.com/misakitanabe/mastery_extension
- https://github.com/mr-exo/CVE-2021-41773
- https://github.com/nholuongut/secure-a-linux-server
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/odaysec/PwnTraverse
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/paultheal1en/auto_pen_bench_web
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5
- https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/psibot/apache-vulnerable
- https://github.com/pwn3z/CVE-2021-41773-Apache-RCE
- https://github.com/pwnosec/ApachSAL
- https://github.com/q99266/saury-vulnhub
- https://github.com/quentin33980/ToolBox-qgt
- https://github.com/r0otk3r/CVE-2021-41773
- https://github.com/rafifdna/CVE-2021-42013
- https://github.com/ralvares/security-demos
- https://github.com/randomAnalyst/PoC-Fetcher
- https://github.com/ranhn/Goby-Poc
- https://github.com/retr0-13/apachrot
- https://github.com/revanmalang/OSCP
- https://github.com/rnsss/CVE-2021-42013
- https://github.com/robotsense1337/CVE-2021-42013
- https://github.com/sakshiishukla/Python-Vulnerability-Scanner
- https://github.com/samglish/ServerSide
- https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50
- https://github.com/shengshengli/AttackWebFrameworkTools-5.0
- https://github.com/skentagon/CVE-2021-41773
- https://github.com/soosmile/POC
- https://github.com/sparktsao/auto-pen-bench-study
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway
- https://github.com/theLSA/apache-httpd-path-traversal-checker
- https://github.com/thexnumb/thexwriteup
- https://github.com/theykillmeslowly/CVE-2021-42013
- https://github.com/trhacknon/Pocingit
- https://github.com/twseptian/CVE-2021-41773
- https://github.com/twseptian/CVE-2021-42013-Docker-Lab
- https://github.com/twseptian/cve-2021-41773
- https://github.com/twseptian/cve-2021-41773-docker-lab
- https://github.com/twseptian/cve-2021-42013-docker-lab
- https://github.com/txuswashere/OSCP
- https://github.com/viliuspovilaika/cve-2021-42013
- https://github.com/vishal-rathod-1/shell_gpt
- https://github.com/vudala/CVE-2021-42013
- https://github.com/vulf/CVE-2021-41773_42013
- https://github.com/walnutsecurity/cve-2021-42013
- https://github.com/wangfly-me/Apache_Penetration_Tool
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xMohamed0/CVE-2021-42013-ApacheRCE
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yigitcantunay35/Reconx
- https://github.com/zecool/cve
- https://github.com/zerodaywolf/CVE-2021-41773_42013
Reference in New Issue View Git Blame Copy Permalink