# CVE-2021-41773 - RCE Apache version 2.4.49/2.4.50

CVE-2021-41773 is a critical security vulnerability that affects the Apache HTTP Server versions 2.4.49 and 2.4.50. This vulnerability exposes the server to both Path Traversal and Remote Code Execution (RCE) attacks, potentially allowing malicious actors to gain unauthorized access to the system and execute arbitrary code remotely.

# Vulnerability Details

    CVE ID: CVE-2021-41773
    CVSS Score: 9.8 (Critical)
    Affected Versions: Apache HTTP Server 2.4.49/2.4.50
    Attack Vector: Remote
    Exploit Complexity: Low
    Authentication: None required
    Confidentiality Impact: High
    Integrity Impact: High
    Availability Impact: High
    Attack Type: Path traversal

# Proof-of-Concept (PoC) Exploit

For the purposes of demonstrating the Remote Code Execution (RCE) part of this vulnerability, a Proof-of-Concept (PoC) exploit has been developed. However, please note that this PoC focuses solely on showcasing the RCE aspect and does not cover the entire vulnerability.

To protect users from potential abuse of this PoC exploit, it is highly recommended that administrators urgently update their Apache HTTP Server installations to version 2.4.51 or the latest available release.

# Disclaimer

The PoC exploit provided here is intended strictly for educational and informational purposes. The author assumes no liability for any misuse, damage, or unlawful access that may arise from the use of this PoC exploit. It is strongly advised to use this information responsibly and solely in controlled environments with appropriate authorization. Always seek the necessary permissions and adhere to applicable laws and regulations before conducting any security testing.