CVE-2021-41773— Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-41773
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache HTTP Server 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.49版本存在路径遍历漏洞,攻击者可利用该漏洞使用路径遍历攻击将URL映射到预期文档根以外的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server | Apache HTTP Server 2.4 2.4.49 | - |
II. Public POCs for CVE-2021-41773
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. | https://github.com/Vulnmachines/cve-2021-41773 | POC Details |
| 2 | CVE-2021-41773 | https://github.com/numanturle/CVE-2021-41773 | POC Details |
| 3 | Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) | https://github.com/knqyf263/CVE-2021-41773 | POC Details |
| 4 | None | https://github.com/ZephrFish/CVE-2021-41773-PoC | POC Details |
| 5 | None | https://github.com/iilegacyyii/PoC-CVE-2021-41773 | POC Details |
| 6 | None | https://github.com/masahiro331/CVE-2021-41773 | POC Details |
| 7 | Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49. | https://github.com/j4k0m/CVE-2021-41773 | POC Details |
| 8 | Poc.py | https://github.com/TishcaTpx/POC-CVE-2021-41773 | POC Details |
| 9 | None | https://github.com/lorddemon/CVE-2021-41773-PoC | POC Details |
| 10 | Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE | https://github.com/Ls4ss/CVE-2021-41773_CVE-2021-42013 | POC Details |
| 11 | CVE-2021-41773 POC with Docker | https://github.com/itsecurityco/CVE-2021-41773 | POC Details |
| 12 | PoC for CVE-2021-41773 with docker to demonstrate | https://github.com/habibiefaried/CVE-2021-41773-PoC | POC Details |
| 13 | CVE-2021-41773 | https://github.com/creadpag/CVE-2021-41773-POC | POC Details |
| 14 | CVE-2021-41773.nse | https://github.com/TAI-REx/cve-2021-41773-nse | POC Details |
| 15 | CVE-2021-41773 playground | https://github.com/blasty/CVE-2021-41773 | POC Details |
| 16 | Path Traversal vulnerability in Apache 2.4.49 | https://github.com/PentesterGuruji/CVE-2021-41773 | POC Details |
| 17 | Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) | https://github.com/jbovet/CVE-2021-41773 | POC Details |
| 18 | None | https://github.com/mohwahyudi/cve-2021-41773 | POC Details |
| 19 | CVE-2021-41773 的复现 | https://github.com/1nhann/CVE-2021-41773 | POC Details |
| 20 | None | https://github.com/ranggaggngntt/CVE-2021-41773 | POC Details |
| 21 | Vulnerable docker images for CVE-2021-41773 | https://github.com/BlueTeamSteve/CVE-2021-41773 | POC Details |
| 22 | Metasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50) | https://github.com/Zeop-CyberSec/apache_normalize_path | POC Details |
| 23 | None | https://github.com/r00tVen0m/CVE-2021-41773 | POC Details |
| 24 | exploit to CVE-2021-41773 | https://github.com/n3k00n3/CVE-2021-41773 | POC Details |
| 25 | None | https://github.com/fnatalucci/CVE-2021-41773-RCE | POC Details |
| 26 | Apache 2.4.49 | https://github.com/AssassinUKG/CVE-2021-41773 | POC Details |
| 27 | Simple script realizado en bash, para revisión de múltiples hosts para CVE-2021-41773 (Apache) | https://github.com/jheeree/Simple-CVE-2021-41773-checker | POC Details |
| 28 | Apache HTTPd (2.4.49) – Local File Disclosure (LFI) | https://github.com/orangmuda/CVE-2021-41773 | POC Details |
| 29 | A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public | https://github.com/HightechSec/scarce-apache2 | POC Details |
| 30 | CVE-2021-41773, poc, exploit | https://github.com/vinhjaxt/CVE-2021-41773-exploit | POC Details |
| 31 | CVE-2021-41773 exploit PoC with Docker setup. | https://github.com/sixpacksecurity/CVE-2021-41773 | POC Details |
| 32 | None | https://github.com/Hattan515/POC-CVE-2021-41773 | POC Details |
| 33 | CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited | https://github.com/twseptian/cve-2021-41773 | POC Details |
| 34 | CVE-2021-41773 | https://github.com/noflowpls/CVE-2021-41773 | POC Details |
| 35 | Apache 2.4.49 Exploit | https://github.com/McSl0vv/CVE-2021-41773 | POC Details |
| 36 | None | https://github.com/shiomiyan/CVE-2021-41773 | POC Details |
| 37 | MASS CVE-2021-41773 | https://github.com/justakazh/mass_cve-2021-41773 | POC Details |
| 38 | Mass exploitation CVE-2021-41773 and auto detect possible RCE | https://github.com/Sakura-nee/CVE-2021-41773 | POC Details |
| 39 | This is a simple POC for Apache/2.4.49 Path Traversal Vulnerability | https://github.com/shellreaper/CVE-2021-41773 | POC Details |
| 40 | Exploit for Apache 2.4.49 | https://github.com/0xRar/CVE-2021-41773 | POC Details |
| 41 | None | https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt | POC Details |
| 42 | A Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013) | https://github.com/corelight/CVE-2021-41773 | POC Details |
| 43 | Fast python tool to test apache path traversal CVE-2021-41773 in a List of url | https://github.com/zeronine9/CVE-2021-41773 | POC Details |
| 44 | A Python script to check if an Apache web server is vulnerable to CVE-2021-41773 | https://github.com/b1tsec/CVE-2021-41773 | POC Details |
| 45 | POC | https://github.com/superzerosec/CVE-2021-41773 | POC Details |
| 46 | Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker | https://github.com/im-hanzou/apachrot | POC Details |
| 47 | CVE-2021-41773 CVE-2021-42013漏洞批量检测工具 | https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013 | POC Details |
| 48 | cve-2021-41773 即 cve-2021-42013 批量检测脚本 | https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013 | POC Details |
| 49 | Apache 2.4.49 Path Traversal Vulnerability Checker | https://github.com/EagleTube/CVE-2021-41773 | POC Details |
| 50 | None | https://github.com/cgddgc/CVE-2021-41773-42013 | POC Details |
| 51 | CVE-2021-41773 Grabber | https://github.com/apapedulimu/Apachuk | POC Details |
| 52 | Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE | https://github.com/scarmandef/CVE-2021-41773 | POC Details |
| 53 | Path Traversal and RCE in Apache HTTP Server 2.4.49 | https://github.com/0xAlmighty/CVE-2021-41773-PoC | POC Details |
| 54 | critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013) | https://github.com/ksanchezcld/httpd-2.4.49 | POC Details |
| 55 | Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519 | https://github.com/MrCl0wnLab/SimplesApachePathTraversal | POC Details |
| 56 | apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013) | https://github.com/theLSA/apache-httpd-path-traversal-checker | POC Details |
| 57 | The first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49. | https://github.com/LudovicPatho/CVE-2021-41773 | POC Details |
| 58 | Simple honeypot for CVE-2021-41773 vulnerability | https://github.com/lopqto/CVE-2021-41773_Honeypot | POC Details |
| 59 | Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50). | https://github.com/zerodaywolf/CVE-2021-41773_42013 | POC Details |
| 60 | None | https://github.com/qwutony/CVE-2021-41773 | POC Details |
| 61 | None | https://github.com/LayarKacaSiber/CVE-2021-41773 | POC Details |
| 62 | None | https://github.com/BabyTeam1024/CVE-2021-41773 | POC Details |
| 63 | cve-2021-41773.py is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49 | https://github.com/walnutsecurity/cve-2021-41773 | POC Details |
| 64 | Poc CVE-2021-41773 - Apache 2.4.49 with CGI enabled | https://github.com/TheLastVvV/CVE-2021-41773 | POC Details |
| 65 | None | https://github.com/MazX0p/CVE-2021-41773 | POC Details |
| 66 | A automatic scanner to apache 2.4.49 | https://github.com/vida003/Scanner-CVE-2021-41773 | POC Details |
| 67 | Remote Code Execution exploit for Apache servers. Affected versions: Apache 2.4.49, Apache 2.4.50 | https://github.com/mr-exo/CVE-2021-41773 | POC Details |
| 68 | Setup vulnerable enviornment | https://github.com/wolf1892/CVE-2021-41773 | POC Details |
| 69 | Some docker images to play with CVE-2021-41773 and CVE-2021-42013 | https://github.com/Hydragyrum/CVE-2021-41773-Playground | POC Details |
| 70 | This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013). | https://github.com/IcmpOff/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution-Exploit | POC Details |
| 71 | Ce programme permet de détecter une faille RCE sur les serveurs Apache 2.4.49 et Apache 2.4.50 | https://github.com/pirenga/CVE-2021-41773 | POC Details |
| 72 | None | https://github.com/kubota/POC-CVE-2021-41773 | POC Details |
| 73 | None | https://github.com/xMohamed0/CVE-2021-41773 | POC Details |
| 74 | None | https://github.com/i6c/MASS_CVE-2021-41773 | POC Details |
| 75 | School project - Please use other repos for actual testing | https://github.com/norrig/CVE-2021-41773-exploiter | POC Details |
| 76 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and not earlier versions. Credits to: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773 | https://github.com/m96dg/CVE-2021-41773-exercise | POC Details |
| 77 | None | https://github.com/skentagon/CVE-2021-41773 | POC Details |
| 78 | These Metasploit, Nmap, Python and Ruby scripts detects and exploits CVE-2021-41773 with RCE and local file disclosure. | https://github.com/mauricelambert/CVE-2021-41773 | POC Details |
| 79 | Small PoC of CVE-2021-41773 | https://github.com/the29a/CVE-2021-41773 | POC Details |
| 80 | Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773 | https://github.com/thehackersbrain/CVE-2021-41773 | POC Details |
| 81 | None | https://github.com/honypot/CVE-2021-41773 | POC Details |
| 82 | None | https://github.com/Fa1c0n35/CVE-2021-41773 | POC Details |
| 83 | None | https://github.com/puckiestyle/CVE-2021-41773 | POC Details |
| 84 | None | https://github.com/zer0qs/CVE-2021-41773 | POC Details |
| 85 | None | https://github.com/DoTuan1/Reserch-CVE-2021-41773 | POC Details |
| 86 | Environment for CVE-2021-41773 recreation. | https://github.com/bernardas/netsec-polygon | POC Details |
| 87 | CVE-2021-41773 | CVE-2021-42013 Exploit Tool (Apache/2.4.49-2.4.50) | https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit | POC Details |
| 88 | None | https://github.com/vuongnv3389-sec/cve-2021-41773 | POC Details |
| 89 | None | https://github.com/Chocapikk/CVE-2021-41773 | POC Details |
| 90 | CVE-2021-41773&CVE-2021-42013图形化漏洞检测利用工具 | https://github.com/wangfly-me/Apache_Penetration_Tool | POC Details |
| 91 | CVE-2021-41773 Shodan scanner | https://github.com/anldori/CVE-2021-41773-Scanner | POC Details |
| 92 | Essay (and PoCs) about CVE-2021-41773, a remote code execution vulnerability in Apache 2.4.49 🕸️ | https://github.com/iosifache/ApacheRCEEssay | POC Details |
| 93 | CVE-2021-41773 | Apache HTTP Server 2.4.49 is vulnerable to Path Traversal and Remote Code execution attacks | https://github.com/Habib0x0/CVE-2021-41773 | POC Details |
| 94 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | https://github.com/pwn3z/CVE-2021-41773-Apache-RCE | POC Details |
| 95 | Mitigation/fix of CVE-2021-41773 A Path Traversal And File Disclosure Vulnerability In Apache | https://github.com/EkamSinghWalia/Mitigation-Apache-CVE-2021-41773- | POC Details |
| 96 | CVE-2021-41773 Gaurav Raj's exploit modified by Plunder | https://github.com/Plunder283/CVE-2021-41773 | POC Details |
| 97 | None | https://github.com/mightysai1997/cve-2021-41773 | POC Details |
| 98 | None | https://github.com/mightysai1997/CVE-2021-41773h | POC Details |
| 99 | None | https://github.com/mightysai1997/cve-2021-41773-v- | POC Details |
| 100 | None | https://github.com/mightysai1997/CVE-2021-41773-i- | POC Details |
| 101 | None | https://github.com/mightysai1997/CVE-2021-41773-L- | POC Details |
| 102 | None | https://github.com/mightysai1997/CVE-2021-41773-PoC | POC Details |
| 103 | None | https://github.com/mightysai1997/CVE-2021-41773.git1 | POC Details |
| 104 | None | https://github.com/mightysai1997/CVE-2021-41773m | POC Details |
| 105 | None | https://github.com/mightysai1997/CVE-2021-41773S | POC Details |
| 106 | None | https://github.com/dileepdkumar/LayarKacaSiber-CVE-2021-41773 | POC Details |
| 107 | apache路径穿越漏洞poc&exp | https://github.com/aqiao-jashell/CVE-2021-41773 | POC Details |
| 108 | python编写的apache路径穿越poc&exp | https://github.com/aqiao-jashell/py-CVE-2021-41773 | POC Details |
| 109 | Vulnerable configuration Apache HTTP Server version 2.4.49 | https://github.com/12345qwert123456/CVE-2021-41773 | POC Details |
| 110 | Apache HTTP-Server 2.4.49-2.4.50 Path Traversal & Remote Code Execution PoC (CVE-2021-41773 & CVE-2021-42013) | https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution | POC Details |
| 111 | Exploit for path transversal vulnerability in apache | https://github.com/TheKernelPanic/exploit-apache2-cve-2021-41773 | POC Details |
| 112 | CVE-2021-41773 vulnerable apache version 2.4.49 lab set-up. | https://github.com/retrymp3/apache2.4.49VulnerableLabSetup | POC Details |
| 113 | A little demonstration of cve-2021-41773 on httpd docker containers | https://github.com/MatanelGordon/docker-cve-2021-41773 | POC Details |
| 114 | Exploit created in python3 to exploit known vulnerabilities in Apache web server (CVE-2021-41773, CVE-2021-42013) | https://github.com/0xGabe/Apache-CVEs | POC Details |
| 115 | Exploit CVE-2021-41773 and CVE-2021-42013 | https://github.com/OfriOuzan/CVE-2021-41773_CVE-2021-42013_Exploits | POC Details |
| 116 | Simple Metasploit-Framework module for conducting website penetration tests (CVE-2021-41773). | https://github.com/belajarqywok/CVE-2021-41773-MSF | POC Details |
| 117 | None | https://github.com/Iris288/CVE-2021-41773 | POC Details |
| 118 | None | https://github.com/ilurer/CVE-2021-41773-42013 | POC Details |
| 119 | CVE-2021-41773, CVE-2021-42013 | https://github.com/OpenCVEs/CVE-2021-41773 | POC Details |
| 120 | CVE-2021-41773.py | https://github.com/Maybe4a6f7365/CVE-2021-41773 | POC Details |
| 121 | None | https://github.com/5l1v3r1/CVE-2021-41773-42013 | POC Details |
| 122 | POC & Lab For CVE-2021-41773 | https://github.com/0xc4t/CVE-2021-41773 | POC Details |
| 123 | Apache-HTTP-Server-2.4.50-RCE This tool is designed to test Apache servers for the CVE-2021-41773 / CVE-2021-42013 vulnerability. It is intended for educational purposes only and should be used responsibly on systems you have explicit permission to test. | https://github.com/Zyx2440/Apache-HTTP-Server-2.4.50-RCE | POC Details |
| 124 | Apache: a Mainstream Web Service Turned a Vector of Attack for Remote Code Execution | https://github.com/jkska23/Additive-Vulnerability-Analysis-CVE-2021-41773 | POC Details |
| 125 | This document provides step-by-step instructions on performing a proof of concept (PoC) exploit on Apache HTTP Server 2.4.29, taking advantage of the path traversal vulnerability (CVE-2021-41773) and the globally accessible /tmp folder on Linux and MITIGATION | https://github.com/nwclasantha/Apache_2.4.29_Exploit | POC Details |
| 126 | None | https://github.com/redspy-sec/CVE-2021-41773 | POC Details |
| 127 | MASS CVE-2021-41773 | https://github.com/FakesiteSecurity/CVE-2021-41773 | POC Details |
| 128 | None | https://github.com/Taldrid1/cve-2021-41773 | POC Details |
| 129 | This repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains a LFI and RCE vulnerablity. | https://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773 | POC Details |
| 130 | Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE | https://github.com/ch4os443/CVE-2021-41773 | POC Details |
| 131 | In this project, I documented a detailed penetration testing process targeting Apache HTTP Server vulnerabilities, specifically CVE-2021-41773 and CVE-2021-42013, which involve Path Traversal and Remote Code Execution (RCE). | https://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013 | POC Details |
| 132 | CVE-2021-41773 | https://github.com/javaamo/CVE-2021-41773 | POC Details |
| 133 | The POC and Lab setup documentation of CVE 2021 41773 | https://github.com/ashique-thaha/CVE-2021-41773-POC | POC Details |
| 134 | On the 11/11/21 the apache 2.4.49-2.4.50 remote command execution POC has been published online and this is a loader so that you can mass exploit servers using this. | https://github.com/Soliux/CVE-2021-41773 | POC Details |
| 135 | None | https://github.com/luongchivi/CVE-2021-41773 | POC Details |
| 136 | None | https://github.com/luongchivi/Preproduce-CVE-2021-41773 | POC Details |
| 137 | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-41773.yaml | POC Details |
| 138 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTPd%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-41773.md | POC Details |
| 139 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20HTTP%20Server%202.4.49%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2021-41773.md | POC Details |
| 140 | None | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/apache-httpd-cve-2021-41773-rce.yml | POC Details |
| 141 | https://github.com/vulhub/vulhub/blob/master/httpd/CVE-2021-41773/README.md | POC Details | |
| 142 | Kiểm thử xâm nhập | https://github.com/khaidtraivch/CVE-2021-41773-Apache-2.4.49- | POC Details |
| 143 | Apache 2.4.49 Exploit | https://github.com/RizqiSec/CVE-2021-41773 | POC Details |
| 144 | None | https://github.com/Ask-os/CVE-2021-41773 | POC Details |
| 145 | None | https://github.com/CyberQuestor-infosec/CVE-2021-41773-Apache_2.4.49-Path-traversal-to-RCE | POC Details |
| 146 | Detects Apache HTTP Server path traversal vulnerabilities (CVE-2021-41773, CVE-2021-42013) by checking for exposure of /etc/passwd through various traversal techniques. | https://github.com/psibot/apache-vulnerable | POC Details |
| 147 | Python exploit for CVE-2021-41773 - Apache HTTP Server 2.4.49 Path Traversal vulnerability | https://github.com/blu3ming/PoC-CVE-2021-41773 | POC Details |
| 148 | None | https://github.com/r0otk3r/CVE-2021-41773 | POC Details |
| 149 | None | https://github.com/AzK-os-dev/CVE-2021-41773 | POC Details |
| 150 | None | https://github.com/rajaabdullahnasir/CVE-2021-41773_exploitation | POC Details |
| 151 | None | https://github.com/JIYUN02/cve-2021-41773 | POC Details |
| 152 | Bash POC script for RCE vulnerability in Apache 2.4.49 | https://github.com/mah4nzfr/CVE-2021-41773 | POC Details |
| 153 | None | https://github.com/charanvoonna/CVE-2021-41773 | POC Details |
| 154 | Docker container lab to play/learn with CVE-2021-41773 | https://github.com/twseptian/cve-2021-41773-docker-lab | POC Details |
| 155 | CTF_WRITEUPS/TryHackMe /CVE-2021-41773/ | https://github.com/hackedrishi/CTF_WRITEUPS-TryHackMe-CVE-2021-41773- | POC Details |
| 156 | Documented CVE-2021-41773 (Apache HTTP Server path traversal, CVSS 9.8) — produced CVSS breakdown, impact assessment, and a mitigation plan (patch to 2.4.51+, CGI disable, firewall) and published the analysis on GitHub. | https://github.com/MuhammadHuzaifaAsif/security-lab | POC Details |
| 157 | Remote Code Execution PoC for Apache 2.4.49 | https://github.com/gunzf0x/CVE-2021-41773 | POC Details |
| 158 | None | https://github.com/AzkOsDev/CVE-2021-41773 | POC Details |
| 159 | None | https://github.com/Mahfujurjust/CVE-2021-41773 | POC Details |
| 160 | None | https://github.com/adrianmafandy/CVE-2021-41773 | POC Details |
| 161 | Path Traversal Apache HTTP Server 2.4.49/2.4.50 | https://github.com/faizdotid/CVE-2021-41773 | POC Details |
| 162 | Apache CVE-2021-41773 | https://github.com/rikdek/CVE-2021-41773 | POC Details |
| 163 | Technical analysis and reproduction lab for the Apache HTTP Server 2.4.49 Path Traversal and RCE vulnerability. | https://github.com/ChanaPCN/CVE-2021-41773-Analysis | POC Details |
| 164 | A simple Python proof-of-concept tool to check for Apache path traversal vulnerability (CVE-2021-41773). Detects vulnerable server versions and verifies exploitation by probing sensitive files. Built for learning CVE analysis, not mass exploitation. | https://github.com/sudo0xksh/cve-2021-41773-checker | POC Details |
| 165 | PoC скрипт для CVE-2021-41773 - Path Traversal в Apache 2.4.49 | https://github.com/dserdyk3-arch/Serdyuk-DO-homework-CVE-2021-41773 | POC Details |
| 166 | None | https://github.com/ISabbiI/PoC-Apache-CVE-2021-41773-Infrastructure-LAB | POC Details |
| 167 | This program Prompts you for the Local File Inclusion information and will automatically search the /etc/passwd and using the users names found will search for and download any SSH key or variation of keys to the local computer. This program also performs the CVE-2021-41773_ apache2.4.49 and 50 traversal path exploit. In addtion to other LFI Vuln | https://github.com/RevShellXD/LFI-Destruction | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-41773
请登录查看更多情报信息。
- https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
- https://security.netapp.com/advisory/ntap-20211029-0009/x_refsource_CONFIRM
- Apache HTTPD: Multiple Vulnerabilities (GLSA 202208-20) — Gentoo securityvendor-advisoryx_refsource_GENTOO
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/vendor-advisoryx_refsource_FEDORA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
IV. Related Vulnerabilities
Same product: Apache HTTP Server
- CVE-2026-28780
Apache HTTP Server: buffer overflow in mod_proxy_ajp via aj - CVE-2026-29168
Apache HTTP Server: mod_md unrestricted OCSP response - CVE-2026-29169
Apache HTTP Server: mod_dav_lock indirect lock crash - CVE-2026-23918
Apache HTTP Server: http2: double free and possible RCE on e - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2021-41773
No comments yet