Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
151	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
152	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
153	Apache HTTP Server 2.3	2.3.9				7	9	8	0
154	Apache HTTP Server 2.2	2.2.9				11	20	68	7
155	Apache HTTP Server 2.1	2.1.9				8	9	12	0
156	Apache HTTP Server 2.0	2.0.9				8	21	53	4
157	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
158	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
159	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
160	Apache HTTP Server 1.99	1.99				8	11	11	0
161	Apache HTTP Server 1.4	1.4.0				8	11	11	0
162	Apache HTTP Server 1.3	1.3.9				9	27	42	3
163	Apache HTTP Server 1.2	1.2.9				8	16	18	0
164	Apache HTTP Server 1.15	1.15.17				8	12	11	0
165	Apache HTTP Server 1.1	1.1.1				8	18	19	0
166	Apache HTTP Server 1.0	1.0.5				8	17	19	0
167	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
151	7.5 5.0	HIGH Network	The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to …	CWE-776 XML Entity Expansion	CVE-2009-1955	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm

152	- 4.3	MEDIUM	The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-0023	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm

153	- 4.9	MEDIUM	The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) O…	CWE-16 Configuration	CVE-2009-1195	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.7:*				2026-04-23 09:35 2009-05-29	Show	GitHub Exploit DB Packet Storm

154	- 5.0	MEDIUM	mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no…	NVD-CWE-noinfo	CVE-2009-1191	cpe:2.3:a:apache:http_server:2.2.11:*				2026-04-23 09:35 2009-04-24	Show	GitHub Exploit DB Packet Storm

155	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versi…	CWE-79 Cross-site Scripting	CVE-2008-2939	cpe:2.3:a:apache:http_server::	2.2.0	2.0.63 2.2.9		2026-04-23 09:35 2008-08-7	Show	GitHub Exploit DB Packet Storm

156	- 5.0	MEDIUM	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allo…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2008-2364	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.9	2026-04-23 09:35 2008-06-14	Show	GitHub Exploit DB Packet Storm

157	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displayin…	CWE-79 Cross-site Scripting	CVE-2008-2168	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.2.3:* c…				2026-04-23 09:35 2008-05-14	Show	GitHub Exploit DB Packet Storm

158	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier …	CWE-79 Cross-site Scripting	CVE-2008-0455	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.23 2.4.3	2026-04-23 09:35 2008-01-25	Show	GitHub Exploit DB Packet Storm

159	- 2.6	LOW	CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x…	CWE-74 Injection	CVE-2008-0456	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2008-01-25	Show	GitHub Exploit DB Packet Storm

160	- 4.3	MEDIUM	Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.	CWE-352 Origin Validation Error	CVE-2007-6420	cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.5:*				2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm