## https://sploitus.com/exploit?id=6339B021-197D-5FF8-BE88-4245DEED29B1
# ๐ CVE-2021-41773 Checker
CVE-2021-41773 Checker is a Python-based CLI tool that checks whether
a target web server is vulnerable to the Apache path traversal
vulnerability affecting Apache HTTP Server 2.4.49.
It is designed as a learning-focused proof of concept for understanding
how CVEs are identified and validated.
---
## Overview
CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server
version 2.4.49 that allows attackers to access files outside the web root
under specific configurations.
This tool performs a basic check by:
- Inspecting the server header
- Verifying the vulnerable Apache version
- Sending a controlled traversal probe
- Checking the response for sensitive file disclosure
---
## Features
- Fetches and analyzes HTTP response headers
- Detects vulnerable Apache version (2.4.49)
- Sends a known traversal payload
- Checks for `/etc/passwd` disclosure
- Clear and readable output
- Lightweight and easy to understand
---
## How It Works
The tool sends an HTTP request to the target URL and reads the `Server`
response header.
If the server reports Apache version 2.4.49:
- A known path traversal payload is appended to the URL
- The server response is checked for sensitive file content
- Results are reported clearly
If the version does not match, the scan exits early.
---
## Usage
Run the checker exactly like this
python cve_check.py
Example
python cve_check.py http://example.com
The tool will automatically perform version checking
and vulnerability probing.
---
## Output
The tool reports:
- Detected server header
- Whether the Apache version is vulnerable
- Whether path traversal was successfully confirmed
Possible results include:
- Version mismatch (not vulnerable)
- Vulnerable version detected
- Path traversal confirmed or not confirmed
---
## Requirements
- Python 3.x
- requests library
Install dependencies if needed
pip install requests
---
## Notes
- This tool checks only for CVE-2021-41773
- Version detection is header-based and may be unreliable if headers are masked
- Intended strictly for learning and authorized testing
- Do not use against systems without permission
---
## Final Thoughts
Understanding CVEs means understanding both
versioning and exploitation logic.
This tool helps connect those two pieces
in a simple and practical way.