• Home
  • Attack
  • Dataset
  • Contact Us
        • T1-24–01–S–N–CL
        • T2-24–01–S–N–CL
        • T3-24–01–S–N–CL
        • T4-24–01–S–E–M
        • T5-24–01–S–E–LM
        • T6-24–01–S–E–FH
        • T7-24–01–M–NE–CLM
        • T8-24–01–M–NE–CFHL
        • T9-24–01–M–NE–CLM
        • T1-24–02–S–N–CIKM
        • T2-24–02–S–N–CL
        • T3-24–02–S–N–CL
        • T4-24-02-S-E-M
        • T5-24-02-S-E-DL
        • T6-24-02-S-E-DEGN
        • T7-24-02-M-NE-CDEGLN
        • T8-24-02-M-NE-CDL
        • T9-24-02-M-NE-CLH
  • T3-24–02–S–N–CL

  • Apache2 HTTP Path Traversal RCE (CVE-2021-42013)

    Apache2 HTTP Path Traversal RCE (CVE-2021-42013) is a path manipulation vulnerability in Apache HTTP Server versions 2.4.49 and 2.4.50 that enables Remote Code Execution (RCE). Attackers can exploit this flaw using path traversal techniques to access sensitive server files or execute arbitrary code via crafted requests. This vulnerability occurs under specific configuration conditions and may allow attackers full control over the server. Mitigation involves upgrading vulnerable versions to the latest security patches and applying proper configurations to prevent path traversal attacks.

    •  


  • OS IP Software Log collection
    time    		 Program
    runtime
    Attacker Ubuntu 22.04 192.168.56.119 - 10 sec 25 sec
    Victim Ubuntu 22.04 172.17.0.2 Apache 2.4.50

  • Installing
  • python3 -m pip install -r requirements.txt

  • Using
  • sudo docker load -i T3-24-02-S-N-CL.tar
    python3 run.py

  • MITRE ATT&CK Framework
  • Attack Tactic
    Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion
    Credential Discovery Lateral Movement Collection Command and Control Exfiltration Impact

  • Logs
  • ./log/2024_02_T3_{time}.pcap # YYmmdd_HHMMSS


  • References
  • [1] NIST [CVE-2021-42013]
    [2] Apache HTTP Server [CVE-2021-41773 / CVE-2021-42013 [Apache HTTP Server]]
    [3] Github - Walnut Security Services Pvt. Ltd [CVE-2021-42013]
    [4] CYBERONE [Apache HTTP Server 보안 업데이트 권고]
    [5] WINS [[CVE-2021-42013] Apache Directory Traversal]

  • ※ Click on the attack name to see a description and scenario for the attack
    • 2024 02
    • T1-24–02–S–N–CIKM
    • T2-24–02–S–N–CL
    • T3-24–02–S–N–CL
    • T4-24-02-S-E-M
    • T5-24-02-S-E-DL
    • T6-24-02-S-E-DEGN
    • T7-24-02-M-NE-CDEGLN
    • T8-24-02-M-NE-CDL
    • T9-24-02-M-NE-CLH
  • Copyright(C) 2024, KAIST Cyber Security Reserch Center. All Rights Reserved.