Exploit for #VU57127 OS Command Injection in Apache HTTP Server

Cybersecurity Help s.r.o.

Published: 2021-10-07 | Updated: 2023-04-30

Vulnerability identifier: #VU57127

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2021-42013

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 23

April 30, 2023
- Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution (Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013)) [Github]
December 15, 2022
- apache-traversal (This exploit is based on a few CVE vulnerabilities affecting Apache 2.4.49. We use URL-encoded characters to access certain files or otherwise restricted resources on the server. Possible RCE on certain systems as well.) [Github]
September 30, 2022
- CVE-2021-41773 (Apache 2.4.49 & 2.4.50 Path Traversal to RCE exploit) [Github]
July 28, 2022
- CVE-2021-42013 (Apache 2.4.49-50 Remote Code Execution Exploit) [Github]
- CVE-2021-42013 (Apache 2.4.49-50 Remote Code Execution Exploit) [Github]
May 31, 2022
- cve-2021-42013 (Exploit for Apache 2.4.50 (CVE-2021-42013)) [Github]
April 7, 2022
- Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit (CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50)) [Github]
April 5, 2022
- Exploit-for-path-traversal-attack-and-RCE-in-Apache-2.4.49---2.4.50 (CVE-2021-41773 | CVE-2021-42013 Exploiter Tool) [Github]
December 26, 2021
- CVE-2021-42013-Apache-RCE-Poc-Exp (Apache 远程代码执行（CVE-2021-42013）批量检测工具：Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点，发现 Apache HTTP Server 2.4.50 中针对 CVE-2021-41773 的修复不够充分。攻击者可以使用路径遍历攻击将 URL 映射到由类似别名的指令配置的目录之外的文件。如果这些目录之外的文件 [Github]
November 25, 2021
- Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3) [Exploit-DB]
- Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE) [Exploit-DB]
- Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2) [Exploit-DB]
November 16, 2021
- CVE-2021-42013-ApacheRCE () [Github]
November 3, 2021
- CVE-2021-42013 (Exploit Apache 2.4.50(CVE-2021-42013)) [Github]
October 27, 2021
- cve-2021-42013 (cve-2021-42013.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50) [Github]
October 24, 2021
- CVE-2021-42013 (Poc CVE-2021-42013 - Apache 2.4.50 without CGI) [Github]
October 22, 2021
- Apache 2.4.49/2.4.50 Traversal RCE scanner [Metasploit]
- Apache 2.4.49/2.4.50 Traversal RCE [Metasploit]
- CVE-2021-42013 () [Github]
October 11, 2021
- CVE-2021-41773_CVE-2021-42013 (Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE) [Github]
- cve-2021-41773-and-cve-2021-42013 (cve-2021-41773 即 cve-2021-42013 批量检测脚本) [Github]
October 8, 2021
- cve-2021-42013 (Apache 2.4.50 Path traversal vulnerability) [Github]
October 7, 2021
- apache-exploit-CVE-2021-42013 (Exploit with integrated shodan search) [Github]

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation