CVE-2021-42013 Apache HTTP Server: Emulation and Detection
In this lab, you’ll practice vulnerability management by assessing, testing, and mitigating a path traversal and remote code execution vulnerability in a web server. When you’re finished, you’ll be able to detect exploitation attempts and reconfigure an Apache HTTP server so that it's protected against CVE-2021-42013.
Challenge
Getting Started in the Lab Environment
Just like the universe, your lab is being created from nothing. That can take a couple of minutes, so start here with an explanation of the lab environment and your initial instructions, and you'll be ready to hit the ground running as soon as the sparks stop fizzing off the virtual hard drives.
Challenge
Emulate
Determine if the local Apache web server is vulnerable to CVE-2021-42013 by launching an nmap version scan, then prove that the vulnerability is exploitable by testing for path traversal and remote code execution.
Challenge
Detect
Access the web server and use native Linux tools to explore access and error logs for attempts to exploit the CVE-2021-42013 vulnerability.
Challenge
Protect
Modify the httpd configuration file to mitigate the CVE-2021-42013 vulnerability.
Challenge
The Last Challenge
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- You should be comfortable at the Linux command line and with running typical administrative commands.
- If you have some basic web server configuration knowledge, then that's a bonus, but it’s not essential.