Jump to content

HTTP/Exploit.CVE-2021-41773 on a Apache Tomcat server

Go to solution Solved by Nevermind,

Recommended Posts



Just a quick (global) question:


We have a webserver containing an instance of Apache Tomcat version 9 (not fully up-to-dat).

The server also has ESET Server Security version 9 on it.

Once in a while ESET Server Security detects an attempt to exploit HTTP/Exploit.CVE-2021-41773 on the Tomcat.exe process.

The exploit is bound to a vulnerability in Apache HTTPD instead of Tomcat.


Would that be an attempt of the attacker to try if the webserver accidentally has a vulnerable httpd version on it, what is triggering ESET to detect the exploit attempt? Could it be a  FP, because Tomcat.exe is not vulnerable to this exploit, or could something else be the reason ESS is triggered?



Link to comment
Share on other sites

  • Solution

Hey Markwd,

thats a network detection only (ie its neither a file nor memory detection). The way I see it someone tries whether your server is vulnerable to this exploit. If you have logging enabled you can check if there are any requests similar to this:

(src: https://github.com/thehackersbrain/CVE-2021-41773/blob/main/exploit.py)

ESET doesnt check whether you are actually running a vulnerable software or not. It sees an exploit attempt -> it displays a detection window.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...