Exploit Apache HTTP Server path traversal

Name: Apache HTTP Server path traversal
Rating: 5 (7 reviews)

2021-10-21 | CVSS 1.1

## https://sploitus.com/exploit?id=SAINT:5C4C9088A2942BDF0473C59CB4458D5C
Added: 10/21/2021  


### Background

[Apache HTTP Server](<http://httpd.apache.org/>) is an HTTP server implementation for Linux and Windows. 

### Problem

A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. 

### Resolution

[Upgrade](<https://httpd.apache.org/download.cgi>) to Apache HTTP Server 2.4.51 or higher. 

### References

<https://httpd.apache.org/security/vulnerabilities_24.html>  


### Limitations

Exploit works on Linux targets. CGI scripts must be enabled for the /cgi-bin/ path in order for this exploit to succeed. Targets that have the default "require all denied" configuration are not vulnerable. 

### Platforms

Linux