Is Apache HTTP vulnerable to path traversal?

/static/assets/linux-logo.svg
Apache HTTP version 2.4.49 does not normalize paths correctly allowing an attacker to traverse filepaths on the server. This TTP sends a cURL request containing the location of '/etc/passwd'. If the response matches the output from the local box's '/etc/passwd', then the CVE was successfully exploited.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)
Test this TTP using one of our Operator chains
Is Apache vulnerable to CVE-2021-41773?

2022-07-12

/static/assets/linux-logo.svg
Check if Apache HTTP is vulnerable to path traversal or remote code execution by exploiting CVE-2021-41773.