Exploit for #VU57063 Path traversal in Apache HTTP Server

Vulnerability identifier: #VU57063

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-41773

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 65

• May 7, 2023
  • CVE-2021-41773-EXPLOIT (A PoC exploit for CVE-2021-41773 - RCE Apache version 2.4.49/2.4.50) [Github]
• April 30, 2023
  • Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution (Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)) [Github]
• December 15, 2022
  • apache-traversal (This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certain systems as well.) [Github]
• December 6, 2022
  • exploit-apache2-cve-2021-41773 (Exploit for path transversal vulnerability in apache) [Github]
• November 7, 2022
  • cve_2021_41773 () [Github]
• November 2, 2022
  • CVE-2021-41773 (apache路径穿越漏洞poc&exp) [Github]
  • py-CVE-2021-41773 (python编写的apache路径穿越poc&exp) [Github]
• October 12, 2022
  • CVE-2021-41773 (Apache 2.4.49 & 2.4.50 Path Traversal to RCE exploit) [Github]
• September 30, 2022
  • CVE-2021-41773 (Apache 2.4.49 & 2.4.50 Path Traversal to RCE exploit) [Github]
• September 28, 2022
  • CVE-2021-41773 () [Github]
• August 5, 2022
  • CVE-2021-41773 (CVE-2021-41773 Gaurav Raj's exploit modified by Plunder) [Github]
• June 19, 2022
  • CVE-2021-41773-Apache-RCE (A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outsi [Github]
• June 8, 2022
  • CVE-2021-41773 (CVE-2021-41773 | Apache HTTP Server 2.4.49 is vulnerable to Path Traversal and Remote Code execution attacks ) [Github]
• April 7, 2022
  • Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit (CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)) [Github]
• April 5, 2022
  • Exploit-for-path-traversal-attack-and-RCE-in-Apache-2.4.49---2.4.50 (CVE-2021-41773 | CVE-2021-42013 Exploiter Tool) [Github]
• March 15, 2022
  • CVE-2021-41773 (Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773) [Github]
• March 14, 2022
  • CVE-2021-41773 (Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49.) [Github]
• January 13, 2022
  • CVE-2021-41773-exploiter (School project - Please use other repos for actual testing) [Github]
• December 15, 2021
  • MASS_CVE-2021-41773 () [Github]
• November 25, 2021
  • Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE) [Exploit-DB]
  • Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3) [Exploit-DB]
• October 22, 2021
  • Apache 2.4.49/2.4.50 Traversal RCE scanner [Metasploit]
  • Apache 2.4.49/2.4.50 Traversal RCE [Metasploit]
  • CVE-2021-41773 () [Github]
  • CVE-2021-41773 () [Github]
• October 11, 2021
  • CVE-2021-41773 (Apache 2.4.49 Path Traversal Vulnerability Checker ) [Github]
  • CVE-2021-41773-42013 () [Github]
  • CVE-2021-41773_CVE-2021-42013 (Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE) [Github]
  • cve-2021-41773-and-cve-2021-42013 (cve-2021-41773 即 cve-2021-42013 批量检测脚本) [Github]
• October 8, 2021
  • CVE-2021-41773-exploit (CVE-2021-41773, poc, exploit) [Github]
  • CVE-2021-41773 (Exploit for Apache 2.4.49) [Github]
  • CVE-2021-41773 (This is a simple POC for Apache/2.4.49 Path Traversal Vulnerability) [Github]
  • CVE-2021-41773 (POC) [Github]
  • CVE-2021-41773 (Fast python tool to test apache path traversal CVE-2021-41773 in a List of url ) [Github]
  • CVE-2021-41773 (Mass exploitation CVE-2021-41773 and auto detect possible RCE) [Github]
  • scarce-apache2 (A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public ) [Github]
• October 7, 2021
  • Simple-CVE-2021-41773-checker (Simple script realizado en bash, para revisión de múltiples hosts para CVE-2021-41773 (Apache)) [Github]
  • mass_cve-2021-41773 (MASS CVE-2021-41773) [Github]
  • CVE-2021-41773-RCE () [Github]
  • CVE-2021-41773 (exploit to CVE-2021-41773) [Github]
  • Poc-CVE-2021-41773 () [Github]
  • CVE-2021-41773 (Apache 2.4.49) [Github]
• October 6, 2021
  • apache_normalize_path (Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)) [Github]
  • POC-CVE-2021-41773 (Poc.py ) [Github]
  • CVE-2021-41773-POC (CVE-2021-41773) [Github]
  • cve-2021-41773 () [Github]
  • CVE-2021-41773 (CVE-2021-41773 的复现) [Github]
  • CVE-2021-41773 () [Github]
  • cve-2021-41773 (CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.) [Github]
  • CVE-2021-41773 (Apache HTTP Server 2.4.49 - Path Traversal & RCE) [Github]
  • CVE-2021-41773 (CVE-2021-41773 playground) [Github]
  • CVE-2021-41773 () [Github]
  • CVE-2021-41773 (Path Traversal vulnerability in Apache 2.4.49) [Github]
  • CVE- (Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5) [Github]
  • CVE-2021-41773-PoC (PoC for CVE-2021-41773 with docker to demonstrate) [Github]
  • cve-2021-41773-nse (CVE-2021-41773.nse) [Github]
  • CVE-2021-41773 (PoC CVE-2021-41773) [Github]
  • CVE-2021-41773 (CVE-2021-41773) [Github]
  • CVE-2021-41773 (Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)) [Github]
  • CVE-2021-41773 () [Github]
  • CVE-2021-41773 (Vulnerable docker images for CVE-2021-41773) [Github]
  • CVE-2021-41773 () [Github]
  • PoC-CVE-2021-41773 () [Github]
  • CVE-2021-41773-PoC () [Github]
• October 5, 2021
  • PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) [Custom exploits]

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation