knqyf263/CVE-2021-41773

Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)

CVE-2021-41773

Path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)

For educational purposes only

Test

Set up the PoC environment

$ docker build -t cve-2021-41773 . 
$ docker run --rm -dit -p 8000:80 cve-2021-41773

Confirm it works

$ curl http://localhost:8000
<html><body><h1>It works!</h1></body></html>

Exploit

It is not committed for security reasons.

References

• https://httpd.apache.org/security/vulnerabilities_24.html
• https://github.com/apache/httpd/commit/98246aa96079dad5f7b20521bbc0142a04f1c5e7