Apache HTTP Server versions 2.4.49 and 2.4.50 were found to be vulnerable to critical path traversal and remote code execution (RCE) vulnerabilities, identified as CVE-2021-41773 and CVE-2021-42013, respectively. These vulnerabilities allowed attackers to access files outside the intended document root and, in certain configurations, execute arbitrary code on the server.
Understanding the Vulnerabilities
CVE-2021-41773: Introduced in Apache 2.4.49, this vulnerability allowed attackers to perform path traversal attacks, mapping URLs to files outside the expected document root. If those files were not protected by the default "Require all denied" configuration, unauthorized access could occur. Additionally, if CGI scripts were enabled for these aliased paths, it could lead to remote code execution.
CVE-2021-42013: The fix for CVE-2021-41773 shipped in Apache 2.4.50 was incomplete. Attackers could still exploit the vulnerability by using double URL encoding, allowing path traversal attacks to succeed under certain configurations. This flaw was therefore also present in Apache 2.4.50.
Exploitation Details
The exploit tool developed by CalfCrusher targets these vulnerabilities, enabling attackers to:
- Path Traversal: Access sensitive files outside the document root by crafting specific URLs.
- Remote Code Execution: If CGI scripts are enabled and the server is misconfigured, attackers can execute arbitrary commands on the server.
Usage Instructions
To utilize the exploit tool:
- Clone the Repository:
git clone https://github.com/CalfCrusher/Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit
- Navigate to the Directory:
cd Path-traversal-RCE-Apache-2.4.49-2.4.50-Exploit
- Install Dependencies:
pip3 install -r requirements.txt
- Run the Exploit:
python3 main.py urls.txt
Here, urls.txt should contain a list of target URLs.
Mitigation
To protect against these vulnerabilities:
- Update Apache HTTP Server: Ensure your server is running Apache 2.4.51 or later, where these issues have been addressed.
- Review Server Configurations: Verify that the "Require all denied" directive is properly configured to prevent unauthorized access.
- Disable Unnecessary Modules: If CGI scripts are not required, disable them to reduce the attack surface.
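Beyond patching, a defender will want to spot traversal attempts in the access log, including the double-encoded form described above. The following detector is an added example, not part of the exploit repository or the original page: it percent-decodes each request target repeatedly until it stops changing (so %252e collapses to a dot), then walks the decoded path segment by segment and flags any request that climbs above the document root. The log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Constructed Apache access-log lines for demonstration (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [06/Oct/2021:10:01:05 +0000] "GET /icons/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199
203.0.113.9 - - [06/Oct/2021:10:01:09 +0000] "GET /icons/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 1245
203.0.113.11 - - [06/Oct/2021:10:01:12 +0000] "GET /docs/a..b/page%20one.html HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded sequences such as %252e collapse to a literal dot."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(path: str) -> bool:
    """Walk the decoded path; True if a '..' segment ever climbs above the
    document root. A name like 'a..b' is an ordinary segment, not a climb."""
    depth = 0
    for seg in path.split("?", 1)[0].split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def find_traversal(log_text: str) -> list:
    """Return one record per request whose decoded target escapes the root.
    A 200 status on such a request is the case worth investigating first."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        decoded = fully_decode(m.group("target"))
        if escapes_root(decoded):
            hits.append({"client": line.split(" ", 1)[0],
                         "status": int(line.rsplit(" ", 2)[-2]),
                         "raw": m.group("target"), "decoded": decoded})
    return hits
```

Run it over a real access log by passing the file contents to find_traversal; requests that decode to a climb above the root and returned 200 indicate the directory was not covered by "Require all denied".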
Regularly updating server software and reviewing configurations are essential practices to maintain server security.