Apache Httpd 2.4.18 Exploit !!install!! Here

Apache HTTP Server version 2.4.18 has several documented vulnerabilities, with the most notable being a local root privilege escalation. For a comprehensive list of all known issues for this specific release, you can consult the Apache HTTP Server 2.4 vulnerabilities official security page.

Apache HTTPD 2.4.18 — Summary of notable vulnerabilities & exploitability

• Version context: 2.4.18 is an older 2.4-series release (released 2015). Several security fixes were made in later 2.4.x releases; running 2.4.18 exposes systems to known CVEs fixed after that release.
• High-risk CVEs affecting 2.4.18 (representative examples):

  , this flaw affects Apache 2.4.17 through 2.4.38 on Unix-based systems. Exploit-DB apache httpd 2.4.18 exploit

  Dockerfile for Vanilla 2.4.18 (Unsafe - Lab Only)

  FROM ubuntu:16.04
  RUN apt-get update && apt-get install -y apache2=2.4.18-2ubuntu3
  # Enable mod_cgi, mod_http2, and set AllowOverride All
  COPY vulnerable.cgi /usr/lib/cgi-bin/
  CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
  

  If you're looking for an in-depth paper on this topic, here are a few resources: Apache HTTP Server version 2