CVE Series: Apache HTTPD (CVE-2021-42013)

Course Description

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

On October 4th, 2021, the Apache Software Foundation disclosed CVE-2021-41773, a path traversal vulnerability. Within 24 hours, POCs were available via writes ups and GitHub code. Just 2 days later, on October 6th, active exploitation of this vulnerability reached record highs. Although a patch was released on October 7th to help combat these exploitations, it was on that same day that patch bypasses and POCs were published online–resulting in the CVE we are focusing on in this course: CVE-2021-42013.

After completing this course, you will be able to:

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you’ve learned.

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this flaw that could allow an adversary to cause significant damage on a victim system. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Define the Apache HTTPD attack, describe its root cause, and communicate its significance to key organizational stakeholders.

Define the Apache HTTPD attack, describe its root cause, and communicate its significance to key organizational stakeholders.

Exploit this vulnerability using publicly available exploit code.

Exploit this vulnerability using publicly available exploit code.

Execute various mitigation tactics to reduce risk.

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this flaw that could allow an adversary to cause significant damage on a victim system. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Module 1: Exploit and Mitigate the Apache HTTPD Vulnerability