Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
1	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
2	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
3	Apache HTTP Server 2.3	2.3.9				7	9	8	0
4	Apache HTTP Server 2.2	2.2.9				11	20	68	7
5	Apache HTTP Server 2.1	2.1.9				8	9	12	0
6	Apache HTTP Server 2.0	2.0.9				8	21	53	4
7	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
8	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
9	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
10	Apache HTTP Server 1.99	1.99				8	11	11	0
11	Apache HTTP Server 1.4	1.4.0				8	11	11	0
12	Apache HTTP Server 1.3	1.3.9				9	27	42	3
13	Apache HTTP Server 1.2	1.2.9				8	16	18	0
14	Apache HTTP Server 1.15	1.15.17				8	12	11	0
15	Apache HTTP Server 1.1	1.1.1				8	18	19	0
16	Apache HTTP Server 1.0	1.0.5				8	17	19	0
17	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
1	7.5 -	HIGH Network	SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to…	-	CVE-2024-40898	cpe:2.3:a:apache:http_server::			2.4.62	2024-11-21 18:31 2024-07-18	Show	GitHub Exploit DB Packet Storm

2	5.3 -	MEDIUM Network	A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some…	NVD-CWE-noinfo	CVE-2024-40725	cpe:2.3:a:apache:http_server:2.4.61:* cpe:2.3:a:apache:http_server:2.4.60:*				2024-11-21 18:31 2024-07-18	Show	GitHub Exploit DB Packet Storm

3	7.5 -	HIGH Network	null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, whic…	-	CVE-2024-38477	cpe:2.3:a:apache:http_server::	2.4.0		2.4.60	2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm

4	9.8 -	CRITICAL Network	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o…	NVD-CWE-noinfo	CVE-2024-38476	cpe:2.3:a:apache:http_server::	2.4.0	2.4.60		2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm

5	9.8 -	CRITICAL Network	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any …	-	CVE-2024-38474	cpe:2.3:a:apache:http_server::	2.4.0		2.4.60	2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm

6	7.5 -	HIGH Network	HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory …	-	CVE-2024-27316	cpe:2.3:a:apache:http_server::	2.4.17		2.4.59	2024-11-21 18:04 2024-04-5	Show	GitHub Exploit DB Packet Storm

7	5.9 -	MEDIUM Network	When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection c…	CWE-404 Improper Resource Shutdown or Release	CVE-2023-45802	cpe:2.3:a:apache:http_server::	2.4.17		2.4.58	2024-11-21 17:27 2023-10-23	Show	GitHub Exploit DB Packet Storm

8	7.5 -	HIGH Network	An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resou…	-	CVE-2023-43622	cpe:2.3:a:apache:http_server::	2.4.55		2.4.58	2024-11-21 17:24 2023-10-23	Show	GitHub Exploit DB Packet Storm

9	7.5 -	HIGH Network	Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.	-	CVE-2023-31122	cpe:2.3:a:apache:http_server::		2.4.57		2024-11-21 17:01 2023-10-23	Show	GitHub Exploit DB Packet Storm

10	9.8 -	CRITICAL Network	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form…	-	CVE-2023-25690	cpe:2.3:a:apache:http_server::	2.4.0	2.4.55		2024-11-21 16:49 2023-03-8	Show	GitHub Exploit DB Packet Storm