Share
## https://sploitus.com/exploit?id=0C5893BE-D12E-550A-A773-CCA8D215504F
# CVE-2021-41773 Exploit Development Demo

This repository demonstrates the identification, testing, and proof-of-concept exploitation of **CVE-2021-41773**, a path traversal vulnerability in Apache HTTP Server 2.4.49.

## Vulnerability Overview

**CVE-2021-41773** is a path traversal and file disclosure vulnerability affecting Apache HTTP Server versions 2.4.49.  
A flaw in path normalization allowed attackers to bypass restrictions and map URLs to files outside the expected document root using specially encoded sequences (e.g., `.%2e/` which decodes to `../`).

If files outside the document root are not properly protected (e.g., missing `Require all denied` in ``), an attacker can:
- Read arbitrary files (such as `/etc/passwd`)
- In some configurations with CGI enabled, achieve remote code execution (RCE)

**Affected Versions**: Apache HTTP Server 2.4.49  
**Patched Versions**: Apache HTTP Server 2.4.50 and later  
**CVSS Score**: 7.5 (High) โ€“ CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  
**References**:
- [NVD - CVE-2021-41773](https://nvd.nist.gov/vuln/detail/CVE-2021-41773)
- [Apache Security Advisory](https://httpd.apache.org/security/vulnerabilities_24.html)
- [Qualys Analysis](https://blog.qualys.com/vulnerabilities-threat-research/2021/10/27/apache-http-server-path-traversal-remote-code-execution-cve-2021-41773-cve-2021-42013)

## Repository Contents

- `script.py` โ€” Python exploit script to test and exploit the vulnerability (dumps `/etc/passwd` if vulnerable)
- `report.py` โ€” Python script to generate a professional PDF report with screenshots and explanations
- `screenshots-cve-41773/` โ€” Folder containing proof screenshots:
  - `1.png` โ€” Basic server response ("It works!")
  - `2.png` โ€” Incorrect URL syntax test
  - `3.png` โ€” Correct basic access confirmation
  - `4.png` โ€” 404 on invalid path
  - `5.png` โ€” Successful path traversal exploit showing `/etc/passwd` contents
- `report.pdf` (generated) โ€” Final PDF report with embedded screenshots and step-by-step documentation

## Setup and Reproduction Environment

This demo uses a Dockerized Apache 2.4.49 instance with CGI enabled and misconfigured directory permissions for educational purposes only.

### Docker Setup (from project root)

```bash
docker build -t apache-41773 .
docker run -d -p 8080:80 --name apache41773 apache-41773