Software Detail
Apache HTTP Server
Number of NVD: 283 (CRITICAL 22, HIGH 92, MEDIUM 156, LOW 13)
URL: https://httpd.apache.org/
Explanation: It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It is one of the components of the open-source software stack known as LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
91 Apache HTTP Server 2.4 2.4.66 Dec. 4, 2025 Feb. 21, 2012 19 33 33 1
92 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 8 28 72 5
93 Apache HTTP Server 2.3 2.3.9 7 9 8 0
94 Apache HTTP Server 2.2 2.2.9 11 20 68 7
95 Apache HTTP Server 2.1 2.1.9 8 9 12 0
96 Apache HTTP Server 2.0 2.0.9 8 21 53 4
97 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
98 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
99 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
100 Apache HTTP Server 1.99 1.99 8 11 11 0
101 Apache HTTP Server 1.4 1.4.0 8 11 11 0
102 Apache HTTP Server 1.3 1.3.9 9 27 42 3
103 Apache HTTP Server 1.2 1.2.9 8 16 18 0
104 Apache HTTP Server 1.15 1.15.17 8 12 11 0
105 Apache HTTP Server 1.1 1.1.1 8 18 19 0
106 Apache HTTP Server 1.0 1.0.5 8 17 19 0
107 Apache HTTP Server 0.8 0.8.14 8 16 18 0
NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date
No: 91
CVSS3: 8.1, CVSS2: 6.8, Level: HIGH, Attack Vector: Network
Title: The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…
CWE: NVD-CWE-noinfo
CVE: CVE-2016-5387
cpe23Uri: cpe:2.3:a:apache:http_server:*:* (or higher: 2.4.1, 2.2.0; or less: 2.4.23, 2.2.31)
Update date: 2024-11-21 11:54
Published date: 2016-07-19

No: 92
CVSS3: 7.5, CVSS2: 5.0, Level: HIGH, Attack Vector: Network
Title: The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow…
CWE: CWE-284 (Improper Access Control)
CVE: CVE-2016-4979
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.20:*, cpe:2.3:a:apache:http_server:2.4.19:*, cpe:2.3:a:apache:http_server:2.4.18:*
Update date: 2024-11-21 11:53
Published date: 2016-07-6

No: 93
CVSS3: 5.9, CVSS2: 4.3, Level: MEDIUM, Attack Vector: Network
Title: The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a …
CWE: CWE-399 (Resource Management Errors)
CVE: CVE-2016-1546
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.18:*, cpe:2.3:a:apache:http_server:2.4.17:*
Update date: 2024-11-21 11:46
Published date: 2016-07-6

No: 94
CVSS3: -, CVSS2: 4.3, Level: MEDIUM
Title: The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather …
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-2015-3185
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.8:*, cpe:2.3:a:apache:http_server:2.4.7:*
Update date: 2024-11-21 11:28
Published date: 2015-07-21

No: 95
CVSS3: -, CVSS2: 5.0, Level: MEDIUM
Title: The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a…
CWE: CWE-20 (Improper Input Validation), CWE-17 (Code)
CVE: CVE-2015-3183
cpe23Uri: cpe:2.3:a:apache:http_server:*:* (or higher: 2.2.0, 2.4.0; less than: 2.2.31, 2.4.16)
Update date: 2024-11-21 11:28
Published date: 2015-07-21

No: 96
CVSS3: -, CVSS2: 5.0, Level: MEDIUM
Title: The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NUL…
CWE: NVD-CWE-Other
CVE: CVE-2015-0253
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.12:*
Update date: 2024-11-21 11:22
Published date: 2015-07-21

No: 97
CVSS3: -, CVSS2: 5.0, Level: MEDIUM
Title: The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2015-0228
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.12
Update date: 2024-11-21 11:22
Published date: 2015-03-8

No: 98
CVSS3: -, CVSS2: 4.3, Level: MEDIUM
Title: mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar…
CWE: CWE-863 (Incorrect Authorization)
CVE: CVE-2014-8109
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.7:*, cpe:2.3:a:apache:http_server:2.4.6:*
Update date: 2024-11-21 11:18
Published date: 2014-12-30

No: 99
CVSS3: -, CVSS2: 5.0, Level: MEDIUM
Title: The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c…
CWE: CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
CVE: CVE-2014-3583
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.10:*
Update date: 2024-11-21 11:08
Published date: 2014-12-16

No: 100
CVSS3: -, CVSS2: 5.0, Level: MEDIUM
Title: The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer d…
CWE: CWE-476 (NULL Pointer Dereference)
CVE: CVE-2014-3581
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.7:*, cpe:2.3:a:apache:http_server:2.4.6:*
Update date: 2024-11-21 11:08
Published date: 2014-10-10