Share
## https://sploitus.com/exploit?id=SAINT:5C4C9088A2942BDF0473C59CB4458D5C
Added: 10/21/2021  


### Background

Apache HTTP Server is an HTTP server implementation for Linux and Windows. 

### Problem

A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. 

### Resolution

Upgrade to Apache HTTP Server 2.4.51 or higher. 

### References

https://httpd.apache.org/security/vulnerabilities_24.html   


### Limitations

Exploit works on Linux targets. CGI scripts must be enabled for the /cgi-bin/ path in order for this exploit to succeed. Targets that have the default "require all denied" configuration are not vulnerable. 

### Platforms

Linux