Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
181	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
182	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
183	Apache HTTP Server 2.3	2.3.9				7	9	8	0
184	Apache HTTP Server 2.2	2.2.9				11	20	68	7
185	Apache HTTP Server 2.1	2.1.9				8	9	12	0
186	Apache HTTP Server 2.0	2.0.9				8	21	53	4
187	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
188	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
189	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
190	Apache HTTP Server 1.99	1.99				8	11	11	0
191	Apache HTTP Server 1.4	1.4.0				8	11	11	0
192	Apache HTTP Server 1.3	1.3.9				9	27	42	3
193	Apache HTTP Server 1.2	1.2.9				8	16	18	0
194	Apache HTTP Server 1.15	1.15.17				8	12	11	0
195	Apache HTTP Server 1.1	1.1.1				8	18	19	0
196	Apache HTTP Server 1.0	1.0.5				8	17	19	0
197	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
181	- 6.8	MEDIUM	Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_v…	NVD-CWE-Other	CVE-2006-4154	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.3:* cpe:2.3:a:apache:http_server:2.2.2:* c…				2026-04-23 09:35 2006-10-17	Show	GitHub Exploit DB Packet Storm

182	- 4.3	MEDIUM	Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive …	NVD-CWE-Other	CVE-2006-4110	cpe:2.3:a:apache:http_server:2.2.3:* cpe:2.3:a:apache:http_server:2.2.2:* cpe:2.3:a:apache:http_server:2.0.58:*				2018-10-18 06:33 2006-08-15	Show	GitHub Exploit DB Packet Storm

183	- 7.6	HIGH	Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows rem…	CWE-189 Numeric Errors	CVE-2006-3747	cpe:2.3:a:apache:http_server::	2.2.0 1.3.28 2.0.46		2.2.3 1.3.37 2.0.59	2023-02-13 11:16 2006-07-29	Show	GitHub Exploit DB Packet Storm

184	- 4.3	MEDIUM	http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect …	CWE-79 Cross-site Scripting	CVE-2006-3918	cpe:2.3:a:apache:http_server::	1.3.3		1.3.35	2023-11-7 10:59 2006-07-28	Show	GitHub Exploit DB Packet Storm

185	- 5.4	MEDIUM	mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) v…	CWE-399 Resource Management Errors	CVE-2005-3357	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.55:* …				2023-02-13 11:15 2005-12-31	Show	GitHub Exploit DB Packet Storm

186	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HT…	CWE-79 Cross-site Scripting	CVE-2005-3352	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server::	2.0		1.3.35 2.0.56	2024-01-20 00:12 2005-12-14	Show	GitHub Exploit DB Packet Storm

187	- 5.0	MEDIUM	Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2005-2970	cpe:2.3:a:apache:http_server::	2.0.36		2.0.55	2023-02-13 10:16 2005-10-26	Show	GitHub Exploit DB Packet Storm

188	- 10.0	HIGH	ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location con…	NVD-CWE-noinfo	CVE-2005-2700	cpe:2.3:a:apache:http_server::	2.0.35		2.0.55	2023-02-13 10:16 2005-09-7	Show	GitHub Exploit DB Packet Storm

189	- 5.0	MEDIUM	The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.	NVD-CWE-Other	CVE-2005-2728	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.53:* …				2023-11-7 10:57 2005-08-30	Show	GitHub Exploit DB Packet Storm

190	- 5.0	MEDIUM	Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process cr…	CWE-193 Off-by-one Error	CVE-2005-1268	cpe:2.3:a:apache:http_server::	2.0.35	2.0.54		2023-02-13 10:15 2005-08-5	Show	GitHub Exploit DB Packet Storm