what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Ash Daulton

Apache 2.4.49/2.4.50 Traversal Remote Code Execution Scanner

Posted Sep 1, 2024

Authored by Dhiraj Mishra, mekhalleh, Ash Daulton | Site metasploit.com

This Metasploit module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands (Remote Command Execution). This vulnerability has been reintroduced in Apache 2.4.50 fix (CVE-2021-42013).

tags | exploit, remote, arbitrary, cgi, root

advisories | CVE-2021-41773, CVE-2021-42013

SHA-256 | 8661970ef7fbc7bc8a93b978a820b094101fa41f1545520eb469ee134ef69aa9

Download | Favorite | View

Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution

Posted Oct 25, 2021

Authored by Dhiraj Mishra, Ramella Sebastien, Ash Daulton | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).

tags | exploit, remote, arbitrary, cgi, root, code execution

advisories | CVE-2021-41773, CVE-2021-42013

SHA-256 | a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6d

Download | Favorite | View