Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
141	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
142	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
143	Apache HTTP Server 2.3	2.3.9				7	9	8	0
144	Apache HTTP Server 2.2	2.2.9				11	20	68	7
145	Apache HTTP Server 2.1	2.1.9				8	9	12	0
146	Apache HTTP Server 2.0	2.0.9				8	21	53	4
147	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
148	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
149	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
150	Apache HTTP Server 1.99	1.99				8	11	11	0
151	Apache HTTP Server 1.4	1.4.0				8	11	11	0
152	Apache HTTP Server 1.3	1.3.9				9	27	42	3
153	Apache HTTP Server 1.2	1.2.9				8	16	18	0
154	Apache HTTP Server 1.15	1.15.17				8	12	11	0
155	Apache HTTP Server 1.1	1.1.1				8	18	19	0
156	Apache HTTP Server 1.0	1.0.5				8	17	19	0
157	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
141	- 6.8	MEDIUM	Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of serv…	CWE-189 Numeric Errors	CVE-2010-0010	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.4:* cpe:2.3:a:apache:http_server:1.3.40:* …		1.3.41		2023-11-7 11:04 2010-02-3	Show	GitHub Exploit DB Packet Storm

142	- 5.0	MEDIUM	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via a…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-3560	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2026-04-23 09:35 2009-12-5	Show	GitHub Exploit DB Packet Storm

143	- 5.8	MEDIUM	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…	CWE-295 Improper Certificate Validation	CVE-2009-3555	cpe:2.3:a:apache:http_server::		2.2.14		2026-04-23 09:35 2009-11-10	Show	GitHub Exploit DB Packet Storm

144	- 5.0	MEDIUM	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service …	NVD-CWE-noinfo	CVE-2009-3720	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2026-04-23 09:35 2009-11-4	Show	GitHub Exploit DB Packet Storm

145	7.5 5.0	HIGH Network	The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products…	CWE-667 Improper Locking	CVE-2009-2699	cpe:2.3:a:apache:http_server::	2.2.0		2.2.14	2026-04-23 09:35 2009-10-13	Show	GitHub Exploit DB Packet Storm

146	- 5.0	MEDIUM	The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of …	NVD-CWE-Other	CVE-2009-3095	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.14	2026-04-23 09:35 2009-09-9	Show	GitHub Exploit DB Packet Storm

147	- 2.6	LOW	The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL poi…	CWE-476 NULL Pointer Dereference	CVE-2009-3094	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.14	2026-04-23 09:35 2009-09-9	Show	GitHub Exploit DB Packet Storm

148	- 7.1	HIGH	The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a deni…	CWE-400 Uncontrolled Resource Consumption	CVE-2009-1891	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.12	2026-04-23 09:35 2009-07-11	Show	GitHub Exploit DB Packet Storm

149	- 7.1	HIGH	The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed d…	CWE-400 Uncontrolled Resource Consumption	CVE-2009-1890	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-07-6	Show	GitHub Exploit DB Packet Storm

150	- 6.4	MEDIUM	Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (appl…	CWE-189 Numeric Errors	CVE-2009-1956	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm