Exploit for Path Traversal in Apache Http_Server CVE-2021-41773

Name: Exploit for Path Traversal in Apache Http_Server CVE-2021-41773
Rating: 5 (165 reviews)
2026-04-25 | CVSS 9.8
## https://sploitus.com/exploit?id=A5C74C9A-6C27-5BE2-A6C6-5515F64F9AF9
# Apache HTTP Server 2.4.49 - Path Traversal & RCE (CVE-2021-41773)

![Python Version](https://img.shields.io/badge/python-3.13-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![Vulnerability](https://img.shields.io/badge/CVE-2021--41773-red.svg)

A sophisticated Python-based proof-of-concept (PoC) exploit for **CVE-2021-41773**. This tool automates the process of testing Apache 2.4.49 servers for path traversal and remote code execution (RCE) vulnerabilities.

## ⚠️ Legal Disclaimer
This tool is for **educational purposes only** and for use in authorized security auditing and penetration testing. Accessing or attempting to exploit target systems without explicit prior permission is illegal and unethical. The developer assumes no liability for misuse or damage caused by this program.

---

## 📖 Background
In Apache HTTP Server 2.4.49, a flaw was found in the way path normalization was performed. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" and CGI scripts are enabled (such as `mod_cgi`), this can lead to **Remote Code Execution (RCE)**.

### Vulnerability Mechanics
- **Path Traversal:** Exploits the lack of proper validation for encoded characters.
- **RCE:** By traversing to `/bin/sh` and sending a POST request with a specific payload, an attacker can execute arbitrary system commands.

---

## 🚀 Features
- **Dynamic Command Execution:** Interactive shell-like interface for executing commands on the target.
- **Bypass Logic:** Implements double-percent encoding to evade basic signature-based security filters.
- **Robust Connection Handling:** - Prevents automatic URL normalization by the `requests` library.
  - Disables SSL verification for testing legacy systems.
  - Follows/Blocks redirects intelligently to avoid "Dead Host" resolution errors.
- **Error Diagnostics:** Clean, user-friendly error messages for Timeouts, 403 Forbidden, and 404 Not Found status codes.

---

## 🛠️ Installation

1. **Clone the Repository:**
   ```bash
   git clone [https://github.com/im2nerd/CVE-2021-41773.git](https://github.com/your-username/CVE-2021-41773.git)
   cd CVE-2021-41773
   ```
2. **Install Dependencies**
   ```bash
   pip install requests colorama urllib3
   ```