Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

277

CRITICAL

HIGH

MEDIUM

155

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
1	Apache HTTP Server 2.4	2.4.59	April 4, 2024	Feb. 21, 2012		17	31	33	1
2	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	27	73	5
3	Apache HTTP Server 2.3	2.3.9				7	8	9	0
4	Apache HTTP Server 2.2	2.2.9				11	19	69	7
5	Apache HTTP Server 2.1	2.1.9				8	8	13	0
6	Apache HTTP Server 2.0	2.0.9				8	20	53	4
7	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
8	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
9	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
10	Apache HTTP Server 1.99	1.99				8	10	12	0
11	Apache HTTP Server 1.4	1.4.0				8	10	12	0
12	Apache HTTP Server 1.3	1.3.9				9	26	43	3
13	Apache HTTP Server 1.2	1.2.9				8	15	19	0
14	Apache HTTP Server 1.15	1.15.17				8	11	12	0
15	Apache HTTP Server 1.1	1.1.1				8	17	20	0
16	Apache HTTP Server 1.0	1.0.5				8	16	20	0
17	Apache HTTP Server 0.8	0.8.14				8	15	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
1	7.5 -	HIGH Network	An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resou…	CWE-400 Uncontrolled Resource Consumption	CVE-2023-43622	cpe:2.3:a:apache:http_server::	2.4.55		2.4.58	2023-11-2 03:11 2023-10-23	Show	GitHub Exploit DB Packet Storm

2	5.9 -	MEDIUM Network	When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection c…	CWE-400 Uncontrolled Resource Consumption	CVE-2023-45802	cpe:2.3:a:apache:http_server::			2.4.58	2023-11-7 14:15 2023-10-23	Show	GitHub Exploit DB Packet Storm

3	7.5 -	HIGH Network	Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.	CWE-125 Out-of-bounds Read	CVE-2023-31122	cpe:2.3:a:apache:http_server::		2.4.57		2023-11-7 14:15 2023-10-23	Show	GitHub Exploit DB Packet Storm

4	7.5 -	HIGH Network	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header c…	CWE-444 HTTP Request Smuggling	CVE-2023-27522	cpe:2.3:a:apache:http_server::	2.4.30	2.4.55		2023-09-9 07:15 2023-03-8	Show	GitHub Exploit DB Packet Storm

5	9.8 -	CRITICAL Network	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form…	CWE-444 HTTP Request Smuggling	CVE-2023-25690	cpe:2.3:a:apache:http_server::	2.4.0	2.4.55		2024-01-3 01:15 2023-03-8	Show	GitHub Exploit DB Packet Storm

6	5.3 -	MEDIUM Network	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers…	CWE-113 HTTP Response Splitting	CVE-2022-37436	cpe:2.3:a:apache:http_server::			2.4.55	2023-09-9 07:15 2023-01-18	Show	GitHub Exploit DB Packet Storm

7	9.0 -	CRITICAL Network	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque…	CWE-444 HTTP Request Smuggling	CVE-2022-36760	cpe:2.3:a:apache:http_server::	2.4.0		2.4.55	2023-09-9 07:15 2023-01-18	Show	GitHub Exploit DB Packet Storm

8	7.5 -	HIGH Network	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. …	CWE-787 Out-of-bounds Write	CVE-2006-20001	cpe:2.3:a:apache:http_server::			2.4.55	2023-09-9 07:15 2023-01-18	Show	GitHub Exploit DB Packet Storm

9	5.3 5.0	MEDIUM Network	Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.	CWE-125 Out-of-bounds Read	CVE-2022-28330	cpe:2.3:a:apache:http_server::		2.4.53		2022-06-25 01:15 2022-06-10	Show	GitHub Exploit DB Packet Storm

10	9.8 7.5	CRITICAL Network	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based auth…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2022-31813	cpe:2.3:a:apache:http_server::		2.4.53		2023-11-7 12:47 2022-06-10	Show	GitHub Exploit DB Packet Storm