mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
CVE-2021-42013
Description
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
POC
Reference
- http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html
- http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html
- http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xGabe/Apache-CVEs
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/12345qwert123456/CVE-2021-42013
- https://github.com/20142995/pocsuite3
- https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Adashz/CVE-2021-42013
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/BassoNicolas/CVE-2021-42013
- https://github.com/CHYbeta/Vuln100Topics
- https://github.com/CHYbeta/Vuln100Topics20
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit
- https://github.com/FDlucifer/firece-fish
- https://github.com/Gekonisko/CTF
- https://github.com/GhostTroops/TOP
- https://github.com/H0j3n/EzpzCheatSheet
- https://github.com/H0j3n/EzpzShell
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/Hamesawian/CVE-2021-42013
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Hydragyrum/CVE-2021-41773-Playground
- https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit
- https://github.com/JERRY123S/all-poc
- https://github.com/K3ysTr0K3R/CVE-2021-42013-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/LayarKacaSiber/CVE-2021-42013
- https://github.com/LoSunny/vulnerability-testing
- https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013
- https://github.com/Luke-cmd/sharecode
- https://github.com/Ly0nt4r/OSCP
- https://github.com/Mallaichte/efed-management-system
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-Tree-S/POC_EXP
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/MrCl0wnLab/SimplesApachePathTraversal
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Rubikcuv5/cve-2021-42013
- https://github.com/SYRTI/POC_to_review
- https://github.com/Shadow-warrior0/Apache_path_traversal
- https://github.com/Shadowven/Vulnerability_Reproduction
- https://github.com/SirElmard/ethical_hacking
- https://github.com/TheLastVvV/CVE-2021-42013
- https://github.com/TheLastVvV/CVE-2021-42013_Reverse-Shell
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Vamckis/Container-Security
- https://github.com/Vulnmachines/cve-2021-42013
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Zeop-CyberSec/apache_normalize_path
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/Zeyad-Azima/Remedy4me
- https://github.com/ahmad4fifz/CVE-2021-41773
- https://github.com/ahmad4fifz/CVE-2021-42013
- https://github.com/andrea-mattioli/apache-exploit-CVE-2021-42013
- https://github.com/anquanscan/sec-tools
- https://github.com/asaotomo/CVE-2021-42013-Apache-RCE-Poc-Exp
- https://github.com/azazelm3dj3d/apache-traversal
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/battleoverflow/apache-traversal
- https://github.com/birdlinux/CVE-2021-42013
- https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution
- https://github.com/cipher387/awesome-ip-search-engines
- https://github.com/corelight/CVE-2021-41773
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cybfar/cve-2021-42013-httpd
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/enciphers-team/cve-exploits
- https://github.com/enomothem/PenTestNote
- https://github.com/f-this/f-apache
- https://github.com/gwyomarch/CVE-Collection
- https://github.com/hadrian3689/apache_2.4.50
- https://github.com/heane404/CVE_scan
- https://github.com/hktalent/TOP
- https://github.com/honypot/CVE-2021-41773
- https://github.com/honypot/CVE-2021-42013
- https://github.com/huimzjty/vulwiki
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/ibrahimetecicek/Advent-of-Cyber-3-2021-
- https://github.com/im-hanzou/apachrot
- https://github.com/imhunterand/ApachSAL
- https://github.com/imhunterand/CVE-2021-42013
- https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013
- https://github.com/jas9reet/CVE-2021-42013-LAB
- https://github.com/jaychen2/NIST-BULK-CVE-Lookup
- https://github.com/jbmihoub/all-poc
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/ksanchezcld/httpd-2.4.49
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/ltfafei/my_POC
- https://github.com/mauricelambert/CVE-2021-42013
- https://github.com/mauricelambert/mauricelambert.github.io
- https://github.com/metecicek/Advent-of-Cyber-3-2021-
- https://github.com/mightysai1997/-apache_2.4.50
- https://github.com/mightysai1997/cve-2021-42013
- https://github.com/mightysai1997/cve-2021-42013.get
- https://github.com/mightysai1997/cve-2021-42013L
- https://github.com/mr-exo/CVE-2021-41773
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt
- https://github.com/pwn3z/CVE-2021-41773-Apache-RCE
- https://github.com/quentin33980/ToolBox-qgt
- https://github.com/ralvares/security-demos
- https://github.com/randomAnalyst/PoC-Fetcher
- https://github.com/retr0-13/apachrot
- https://github.com/revanmalang/OSCP
- https://github.com/rnsss/CVE-2021-42013
- https://github.com/robotsense1337/CVE-2021-42013
- https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50
- https://github.com/skentagon/CVE-2021-41773
- https://github.com/soosmile/POC
- https://github.com/superlink996/chunqiuyunjingbachang
- https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway
- https://github.com/theLSA/apache-httpd-path-traversal-checker
- https://github.com/theykillmeslowly/CVE-2021-42013
- https://github.com/trhacknon/Pocingit
- https://github.com/twseptian/CVE-2021-41773
- https://github.com/twseptian/CVE-2021-42013-Docker-Lab
- https://github.com/twseptian/cve-2021-41773
- https://github.com/twseptian/cve-2021-42013-docker-lab
- https://github.com/txuswashere/OSCP
- https://github.com/viliuspovilaika/cve-2021-42013
- https://github.com/vudala/CVE-2021-42013
- https://github.com/vulf/CVE-2021-41773_42013
- https://github.com/walnutsecurity/cve-2021-42013
- https://github.com/wangfly-me/Apache_Penetration_Tool
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xMohamed0/CVE-2021-42013-ApacheRCE
- https://github.com/xhref/OSCP
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/zecool/cve
- https://github.com/zerodaywolf/CVE-2021-41773_42013