Is Apache HTTP vulnerable to path traversal?

Apache HTTP version 2.4.49 does not normalize paths correctly allowing an attacker to traverse filepaths on the server. This TTP sends a cURL request containing the location of '/etc/passwd'. If the response matches the output from the local box's '/etc/passwd', then the CVE was successfully exploited.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is Apache vulnerable to CVE-2021-41773?


Check if Apache HTTP is vulnerable to path traversal or remote code execution by exploiting CVE-2021-41773.