The CVE-2021-41773 vulnerability exists in Apache HTTP Server version 2.4.49. A flaw was introduced in the normalization of file paths within the new `ap_normalize_path()` function. This function inadequately validated the input path, allowing an attacker to use a path traversal sequence (e.g., `../`) to escape the document root. Specifically, if a directory was configured with `Require all granted`, an attacker could craft a URL-encoded request that bypassed the path normalization checks. For example, a request like `GET /icons/.%2e/%2e%2e/etc/passwd` would incorrectly map to a path outside the root directory. This allows unauthorized access to arbitrary files on the filesystem. In certain configurations where Common Gateway Interface (CGI) scripts are enabled, this traversal could be leveraged to achieve remote code execution by sending a maliciously crafted request to an executable script, effectively allowing the attacker to execute shell commands on the server with the privileges of the Apache process.
Platform: Apache HTTP Server
Version: 2.4.49
Vulnerability: Path Traversal
Severity: Critical
Date: 2021-10-05
Prediction: 2021-10-07
What Undercode Say:
curl -v "http://target/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd"
nmap -p 80 --script http-vuln-cve2021-41773 <target>
Check server version: httpd -v
How the Exploit Works:
Attackers craft URLs with URL-encoded path traversal sequences (%2e%2e/ for ../) to access files outside the web root. If mod_cgi is enabled, they append commands to the URL to achieve RCE.
Protection from this CVE:
Immediately upgrade to Apache HTTP Server version 2.4.50 or later. If immediate patching is not possible, implement strict access control rules in configuration files to deny all requests containing path traversal sequences.
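One way to check requests for the encoded traversal sequences described above, as an added example (not code from the original page or from the Apache project): a Python scan of access-log lines that decodes each request path and flags any `..` segment. The log lines, IP addresses and function names are constructed for illustration; the decoder repeats until the path stops changing, so it also covers nested encoding, which goes beyond the single-encoded forms shown on this page.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2021:10:01:02 +0000] "GET /icons/.%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024
203.0.113.5 - - [06/Oct/2021:10:01:03 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 403 199
198.51.100.7 - - [06/Oct/2021:10:02:00 +0000] "GET /icons/apache_pb.png HTTP/1.1" 200 2326
198.51.100.7 - - [06/Oct/2021:10:02:05 +0000] "GET /docs/v1..2/notes.html?next=%2e%2e HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(path, max_rounds=5):
    """Percent-decode until the string stops changing (handles nested encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(target):
    """True if the path part of the target has a '..' segment after decoding."""
    path = target.split("?", 1)[0]  # the query string is not mapped to the filesystem
    segments = re.split(r"[/\\]", fully_decode(path))
    return ".." in segments  # whole-segment match, so 'v1..2' is not flagged

def scan(log_text):
    """Return (client_ip, target, status) for each request with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((line.split()[0], m.group("target"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        # A 200 on a flagged request means content was served and needs follow-up.
        print(f"{'SERVED' if status == 200 else 'blocked'} {status} {ip} {target}")
```

The same `has_traversal` check can sit in a reverse proxy or WAF hook in front of a server that cannot be patched immediately.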
Impact:
Unauthorized file disclosure and full remote code execution on vulnerable servers, potentially leading to complete system compromise.
Sources:
Reported By: nvd.nist.gov

