Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
171	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
172	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
173	Apache HTTP Server 2.3	2.3.9				7	9	8	0
174	Apache HTTP Server 2.2	2.2.9				11	20	68	7
175	Apache HTTP Server 2.1	2.1.9				8	9	12	0
176	Apache HTTP Server 2.0	2.0.9				8	21	53	4
177	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
178	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
179	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
180	Apache HTTP Server 1.99	1.99				8	11	11	0
181	Apache HTTP Server 1.4	1.4.0				8	11	11	0
182	Apache HTTP Server 1.3	1.3.9				9	27	42	3
183	Apache HTTP Server 1.2	1.2.9				8	16	18	0
184	Apache HTTP Server 1.15	1.15.17				8	12	11	0
185	Apache HTTP Server 1.1	1.1.1				8	18	19	0
186	Apache HTTP Server 1.0	1.0.5				8	17	19	0
187	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
171	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote …	NVD-CWE-Other	CVE-2006-5752	cpe:2.3:a:apache:http_server::	1.3.2 2.0.0 2.2.0	1.3.39 2.0.61 2.2.6	2026-04-23 09:35 2007-06-28	Show	GitHub Exploit DB Packet Storm

172	- 5.0	MEDIUM	cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service …	NVD-CWE-Other	CVE-2007-1863	cpe:2.3:a:apache:http_server::	2.0.37 2.2.0	2.0.61 2.2.6	2026-04-23 09:35 2007-06-28	Show	GitHub Exploit DB Packet Storm

173	- 4.9	MEDIUM	Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by…	CWE-94 Code Injection	CVE-2007-3303	cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.0.59:*			2026-04-23 09:35 2007-06-21	Show	GitHub Exploit DB Packet Storm

174	- 4.7	MEDIUM	Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary pr…	NVD-CWE-noinfo	CVE-2007-3304	cpe:2.3:a:apache:http_server::	1.3.0 2.0.0 2.2.0	1.3.39 2.0.61 2.2.6	2026-04-23 09:35 2007-06-21	Show	GitHub Exploit DB Packet Storm

175	- 5.0	MEDIUM	The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which cou…	NVD-CWE-Other	CVE-2007-1862	cpe:2.3:a:apache:http_server:2.2.4:*			2026-04-23 09:35 2007-06-5	Show	GitHub Exploit DB Packet Storm

176	- 3.7	LOW	suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized ope…	NVD-CWE-Other	CVE-2007-1742	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

177	- 4.4	MEDIUM	suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary …	NVD-CWE-Other	CVE-2007-1743	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

178	- 6.2	MEDIUM	Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renam…	CWE-362 Race Condition	CVE-2007-1741	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

179	- 5.0	MEDIUM	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers …	CWE-22 Path Traversal	CVE-2007-0450	cpe:2.3:a:apache:http_server:-:*			2026-04-23 09:35 2007-03-17	Show	GitHub Exploit DB Packet Storm

180	- 7.8	HIGH	The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that s…	CWE-400 Uncontrolled Resource Consumption	CVE-2007-0086	cpe:2.3:a:apache:http_server:-:*			2026-04-23 09:35 2007-01-6	Show	GitHub Exploit DB Packet Storm