Share
## https://sploitus.com/exploit?id=6339B021-197D-5FF8-BE88-4245DEED29B1
# ๐Ÿ›‘ CVE-2021-41773 Checker

CVE-2021-41773 Checker is a Python-based CLI tool that checks whether
a target web server is vulnerable to the Apache path traversal
vulnerability affecting Apache HTTP Server 2.4.49.

It is designed as a learning-focused proof of concept for understanding
how CVEs are identified and validated.

---

## Overview

CVE-2021-41773 is a path traversal vulnerability in Apache HTTP Server
version 2.4.49 that allows attackers to access files outside the web root
under specific configurations.

This tool performs a basic check by:
- Inspecting the server header
- Verifying the vulnerable Apache version
- Sending a controlled traversal probe
- Checking the response for sensitive file disclosure

---

## Features

- Fetches and analyzes HTTP response headers
- Detects vulnerable Apache version (2.4.49)
- Sends a known traversal payload
- Checks for `/etc/passwd` disclosure
- Clear and readable output
- Lightweight and easy to understand

---

## How It Works

The tool sends an HTTP request to the target URL and reads the `Server`
response header.

If the server reports Apache version 2.4.49:
- A known path traversal payload is appended to the URL
- The server response is checked for sensitive file content
- Results are reported clearly

If the version does not match, the scan exits early.

---

## Usage

Run the checker exactly like this  
python cve_check.py 

Example  
python cve_check.py http://example.com

The tool will automatically perform version checking
and vulnerability probing.

---

## Output

The tool reports:
- Detected server header
- Whether the Apache version is vulnerable
- Whether path traversal was successfully confirmed

Possible results include:
- Version mismatch (not vulnerable)
- Vulnerable version detected
- Path traversal confirmed or not confirmed

---

## Requirements

- Python 3.x
- requests library

Install dependencies if needed  
pip install requests

---

## Notes

- This tool checks only for CVE-2021-41773
- Version detection is header-based and may be unreliable if headers are masked
- Intended strictly for learning and authorized testing
- Do not use against systems without permission

---

## Final Thoughts

Understanding CVEs means understanding both
versioning and exploitation logic.

This tool helps connect those two pieces
in a simple and practical way.