CrowdSec
4/10CrowdSec Score

Apache Web Server - Path Traversal (CVE-2021-42013)

Published on07-10-2021
First seen on11-10-2021
CVSS 9.8/10Apache Software Foundation - Apache HTTP Server

8214Exploiting IPs reported

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

CrowdSec analysis

CVE-2021-42013 is a critical vulnerability in the Apache HTTP Server that enables attackers to exploit insufficient fixes for prior path traversal issues, potentially accessing files outside the expected directories and executing arbitrary code if CGI scripts are enabled.

CrowdSec has been tracking this vulnerability and its exploits since 11th of October 2021.

Based on data from the CrowdSec network, nearly all observed exploitation of CVE-2021-42013 is fully opportunistic, with attackers indiscriminately scanning the entire internet. These attacks are automated and lack any form of target selection or reconnaissance. CrowdSec data also reveals a clear uptick in attacks involving CVE-2021-42013 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Exploitation attempts typically focus on path traversal through specially crafted URLs, aiming to access unauthorized files or execute scripts on vulnerable systems.

Exploitation

Get real-time information about exploitation attempts and actors involved.

Detected IPs

Discover the IPs that targeted this vulnerability across the CrowdSec Network.

Common Weakness Enumeration (CWE)

Protection

Find out relevant information to protect your stack against this CVE.

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.

References