Is Apache HTTP vulnerable to path traversal?
Apache HTTP version 2.4.49 does not normalize paths correctly allowing an attacker to traverse filepaths on the server. This TTP sends a cURL request containing the location of '/etc/passwd'. If the response matches the output from the local box's '/etc/passwd', then the CVE was successfully exploited.
To view this TTPs command, you must be logged in with a professional or enterprise license.Login
Test this TTP
Download Operator (1.7.1)