Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
131	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
132	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
133	Apache HTTP Server 2.3	2.3.9				7	9	8	0
134	Apache HTTP Server 2.2	2.2.9				11	20	68	7
135	Apache HTTP Server 2.1	2.1.9				8	9	12	0
136	Apache HTTP Server 2.0	2.0.9				8	21	53	4
137	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
138	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
139	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
140	Apache HTTP Server 1.99	1.99				8	11	11	0
141	Apache HTTP Server 1.4	1.4.0				8	11	11	0
142	Apache HTTP Server 1.3	1.3.9				9	27	42	3
143	Apache HTTP Server 1.2	1.2.9				8	16	18	0
144	Apache HTTP Server 1.15	1.15.17				8	12	11	0
145	Apache HTTP Server 1.1	1.1.1				8	18	19	0
146	Apache HTTP Server 1.0	1.0.5				8	17	19	0
147	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
131	- 4.3	MEDIUM	Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2011-0419	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0	2.0.65 2.2.18		2024-11-21 10:23 2011-05-17	Show	GitHub Exploit DB Packet Storm

132	- 5.0	MEDIUM	Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-1623	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2024-11-21 10:14 2010-10-5	Show	GitHub Exploit DB Packet Storm

133	- 5.0	MEDIUM	mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remo…	CWE-200 Information Exposure	CVE-2010-2791	cpe:2.3:a:apache:http_server:2.2.9:*				2024-11-21 10:17 2010-08-6	Show	GitHub Exploit DB Packet Storm

134	- 5.0	MEDIUM	The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.	NVD-CWE-Other	CVE-2010-1452	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.16	2024-11-21 10:14 2010-07-29	Show	GitHub Exploit DB Packet Storm

135	- 5.0	MEDIUM	mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, …	CWE-200 Information Exposure	CVE-2010-2068	cpe:2.3:a:apache:http_server:2.3.5:alpha cpe:2.3:a:apache:http_server:2.3.4:alpha cpe:2.3:a:apache:http_server:2.…				2024-11-21 10:15 2010-06-19	Show	GitHub Exploit DB Packet Storm

136	- 4.3	MEDIUM	The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumsta…	CWE-200 Information Exposure	CVE-2010-0434	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.15	2023-02-13 13:16 2010-03-6	Show	GitHub Exploit DB Packet Storm

137	- 10.0	HIGH	modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request proces…	NVD-CWE-noinfo	CVE-2010-0425	cpe:2.3:a:apache:http_server:2.3.6:* cpe:2.3:a:apache:http_server:2.3.5:* cpe:2.3:a:apache:http_server:2.3.4:*				2024-02-14 10:17 2010-03-6	Show	GitHub Exploit DB Packet Storm

138	- 5.0	MEDIUM	The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body…	NVD-CWE-Other	CVE-2010-0408	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* c…				2023-11-2 00:32 2010-03-6	Show	GitHub Exploit DB Packet Storm

139	- 4.3	MEDIUM	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which al…	CWE-189 Numeric Errors	CVE-2003-1580	cpe:2.3:a:apache:http_server:2.0.44:*				2010-02-8 14:00 2010-02-6	Show	GitHub Exploit DB Packet Storm

140	- 2.6	LOW	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafte…	CWE-79 Cross-site Scripting	CVE-2003-1581	cpe:2.3:a:apache:http_server:2.0.44:*				2010-02-8 14:00 2010-02-6	Show	GitHub Exploit DB Packet Storm