Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
101	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
102	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
103	Apache HTTP Server 2.3	2.3.9				7	9	8	0
104	Apache HTTP Server 2.2	2.2.9				11	20	68	7
105	Apache HTTP Server 2.1	2.1.9				8	9	12	0
106	Apache HTTP Server 2.0	2.0.9				8	21	53	4
107	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
108	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
109	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
110	Apache HTTP Server 1.99	1.99				8	11	11	0
111	Apache HTTP Server 1.4	1.4.0				8	11	11	0
112	Apache HTTP Server 1.3	1.3.9				9	27	42	3
113	Apache HTTP Server 1.2	1.2.9				8	16	18	0
114	Apache HTTP Server 1.15	1.15.17				8	12	11	0
115	Apache HTTP Server 1.1	1.1.1				8	18	19	0
116	Apache HTTP Server 1.0	1.0.5				8	17	19	0
117	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
101	- 5.0	MEDIUM	Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…	CWE-399 Resource Management Errors	CVE-2014-3523	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.8:* cpe:2.3:a:apache:http_server:2.4.7:*				2024-11-21 11:08 2014-07-20	Show	GitHub Exploit DB Packet Storm

102	- 5.0	MEDIUM	The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script …	CWE-399 Resource Management Errors	CVE-2014-0231	cpe:2.3:a:apache:http_server::	2.2.0 2.4.0		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

103	- 6.8	MEDIUM	Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…	CWE-362 Race Condition	CVE-2014-0226	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

104	- 4.3	MEDIUM	The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…	CWE-400 Uncontrolled Resource Consumption	CVE-2014-0118	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

105	- 4.3	MEDIUM	The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Conn…	CWE-20 Improper Input Validation	CVE-2014-0117	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.8:* cpe:2.3:a:apache:http_server:2.4.7:*				2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

106	- 4.3	MEDIUM	The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a …	NVD-CWE-Other	CVE-2013-4352	cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 10:55 2014-07-20	Show	GitHub Exploit DB Packet Storm

107	- 5.0	MEDIUM	The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…	NVD-CWE-noinfo	CVE-2013-5704	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.7:* cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 10:57 2014-04-15	Show	GitHub Exploit DB Packet Storm

108	- 5.0	MEDIUM	The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…	NVD-CWE-noinfo	CVE-2014-0098	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.27 2.4.9	2024-11-21 11:01 2014-03-18	Show	GitHub Exploit DB Packet Storm

109	- 5.0	MEDIUM	The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta…	NVD-CWE-noinfo	CVE-2013-6438	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.27 2.4.9	2024-11-21 10:59 2014-03-18	Show	GitHub Exploit DB Packet Storm

110	- 7.5	HIGH	mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…	NVD-CWE-noinfo	CVE-2013-2249	cpe:2.3:a:apache:http_server::	2.4.1	2.4.4		2024-11-21 10:51 2013-07-24	Show	GitHub Exploit DB Packet Storm