Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
111	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
112	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
113	Apache HTTP Server 2.3	2.3.9				7	9	8	0
114	Apache HTTP Server 2.2	2.2.9				11	20	68	7
115	Apache HTTP Server 2.1	2.1.9				8	9	12	0
116	Apache HTTP Server 2.0	2.0.9				8	21	53	4
117	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
118	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
119	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
120	Apache HTTP Server 1.99	1.99				8	11	11	0
121	Apache HTTP Server 1.4	1.4.0				8	11	11	0
122	Apache HTTP Server 1.3	1.3.9				9	27	42	3
123	Apache HTTP Server 1.2	1.2.9				8	16	18	0
124	Apache HTTP Server 1.15	1.15.17				8	12	11	0
125	Apache HTTP Server 1.1	1.1.1				8	18	19	0
126	Apache HTTP Server 1.0	1.0.5				8	17	19	0
127	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
111	- 4.3	MEDIUM	mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…	NVD-CWE-noinfo	CVE-2013-1896	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1	2.2.25 2.4.6	2024-11-21 10:50 2013-07-11	Show	GitHub Exploit DB Packet Storm

112	- 5.1	MEDIUM	mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…	NVD-CWE-noinfo	CVE-2013-1862	cpe:2.3:a:apache:http_server::	2.2.0 2.0.0	2.2.25 2.0.65	2024-11-21 10:50 2013-06-11	Show	GitHub Exploit DB Packet Storm

113	- 4.3	MEDIUM	Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …	CWE-79 Cross-site Scripting	CVE-2012-4558	cpe:2.3:a:apache:http_server:2.4.3:* cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:*			2024-11-21 10:43 2013-02-27	Show	GitHub Exploit DB Packet Storm

114	- 4.3	MEDIUM	Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …	CWE-79 Cross-site Scripting	CVE-2012-3499	cpe:2.3:a:apache:http_server:2.4.3:* cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:*			2024-11-21 10:41 2013-02-27	Show	GitHub Exploit DB Packet Storm

115	- 5.0	MEDIUM	The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…	CWE-399 Resource Management Errors	CVE-2012-4557	cpe:2.3:a:apache:http_server:2.2.21:* cpe:2.3:a:apache:http_server:2.2.20:* cpe:2.3:a:apache:http_server:2.2.19:*…			2024-11-21 10:43 2012-12-1	Show	GitHub Exploit DB Packet Storm

116	- 4.3	MEDIUM	The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…	CWE-200 Information Exposure	CVE-2012-3502	cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server:2.4.0:*			2024-11-21 10:41 2012-08-23	Show	GitHub Exploit DB Packet Storm

117	- 2.6	LOW	Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…	CWE-79 Cross-site Scripting	CVE-2012-2687	cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server:2.4.0:*			2024-11-21 10:39 2012-08-23	Show	GitHub Exploit DB Packet Storm

118	- 6.9	MEDIUM	envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …	NVD-CWE-noinfo	CVE-2012-0883	cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server::	2.2.0	2.2.23	2024-11-21 10:35 2012-04-18	Show	GitHub Exploit DB Packet Storm

119	- 4.3	MEDIUM	protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …	NVD-CWE-noinfo	CVE-2012-0053	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0	2.0.65 2.2.22	2024-11-21 10:34 2012-01-28	Show	GitHub Exploit DB Packet Storm

120	- 2.6	LOW	The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, w…	CWE-20 Improper Input Validation	CVE-2012-0021	cpe:2.3:a:apache:http_server:2.2.21:* cpe:2.3:a:apache:http_server:2.2.20:* cpe:2.3:a:apache:http_server:2.2.19:*…			2024-11-21 10:34 2012-01-28	Show	GitHub Exploit DB Packet Storm