vulf/CVE-2021-41773_42013

Lab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).

CVE-2021-41773 and CVE-2021-42013 Lab Setup

Setup

$ git clone https://github.com/vulf/CVE-2021-41773_42013
$ cd CVE-2021-41773_42013
cd to the directory of your choice
$ docker build -t vuln_apache .
$ docker run -d vuln_apache

NOTE: The httpd.conf files are configured to be vulnerable to RCE by default. For only Path Traversal, read this.

For Path Traversal setup

• Comment the following line in httpd.conf

LoadModule cgid_module modules/mod_cgid.so