Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
161	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
162	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
163	Apache HTTP Server 2.3	2.3.9				7	9	8	0
164	Apache HTTP Server 2.2	2.2.9				11	20	68	7
165	Apache HTTP Server 2.1	2.1.9				8	9	12	0
166	Apache HTTP Server 2.0	2.0.9				8	21	53	4
167	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
168	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
169	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
170	Apache HTTP Server 1.99	1.99				8	11	11	0
171	Apache HTTP Server 1.4	1.4.0				8	11	11	0
172	Apache HTTP Server 1.3	1.3.9				9	27	42	3
173	Apache HTTP Server 1.2	1.2.9				8	16	18	0
174	Apache HTTP Server 1.15	1.15.17				8	12	11	0
175	Apache HTTP Server 1.1	1.1.1				8	18	19	0
176	Apache HTTP Server 1.0	1.0.5				8	17	19	0
177	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
161	- 7.8	HIGH	Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the…	CWE-399 Resource Management Errors	CVE-2007-6423	cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.2.3:*				2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm

162	- 4.3	MEDIUM	mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) att…	CWE-79 Cross-site Scripting	CVE-2008-0005	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.63 2.2.8	2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm

163	- 3.5	LOW	Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the…	CWE-79 Cross-site Scripting	CVE-2007-6421	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* c…				2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm

164	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows r…	CWE-79 Cross-site Scripting	CVE-2007-6388	cpe:2.3:a:apache:http_server::	1.3.2 2.0.35 2.2.0	1.3.39 2.0.61 2.2.6		2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm

165	- 4.0	MEDIUM	The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial…	CWE-399 Resource Management Errors	CVE-2007-6422	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* c…				2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm

166	- 4.3	MEDIUM	Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via…	CWE-200 Information Exposure	CVE-2007-6514	cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.6:*				2026-04-23 09:35 2007-12-22	Show	GitHub Exploit DB Packet Storm

167	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server …	CWE-79 Cross-site Scripting	CVE-2007-5000	cpe:2.3:a:apache:http_server::	1.3.0 2.0.35 2.2.0	1.3.39 2.0.61 2.2.6		2026-04-23 09:35 2007-12-14	Show	GitHub Exploit DB Packet Storm

168	- 4.3	MEDIUM	Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might all…	CWE-79 Cross-site Scripting	CVE-2007-6203	cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.2.3:* cpe:2.3:a:apache:http_server:2.2.2:*				2026-04-23 09:35 2007-12-4	Show	GitHub Exploit DB Packet Storm

169	6.1 4.3	MEDIUM Network	Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbit…	CWE-79 Cross-site Scripting	CVE-2007-4465	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0		2.0.61 2.2.6	2026-04-23 09:35 2007-09-14	Show	GitHub Exploit DB Packet Storm

170	- 5.0	MEDIUM	The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process c…	CWE-125 Out-of-bounds Read	CVE-2007-3847	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.61 2.2.6	2026-04-23 09:35 2007-08-24	Show	GitHub Exploit DB Packet Storm