Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
11	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
12	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
13	Apache HTTP Server 2.3	2.3.9				7	9	8	0
14	Apache HTTP Server 2.2	2.2.9				11	20	68	7
15	Apache HTTP Server 2.1	2.1.9				8	9	12	0
16	Apache HTTP Server 2.0	2.0.9				8	21	53	4
17	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
18	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
19	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
20	Apache HTTP Server 1.99	1.99				8	11	11	0
21	Apache HTTP Server 1.4	1.4.0				8	11	11	0
22	Apache HTTP Server 1.3	1.3.9				9	27	42	3
23	Apache HTTP Server 1.2	1.2.9				8	16	18	0
24	Apache HTTP Server 1.15	1.15.17				8	12	11	0
25	Apache HTTP Server 1.1	1.1.1				8	18	19	0
26	Apache HTTP Server 1.0	1.0.5				8	17	19	0
27	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
11	7.5 -	HIGH Network	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header c…	-	CVE-2023-27522	cpe:2.3:a:apache:http_server::	2.4.30	2.4.55		2024-11-21 16:53 2023-03-8	Show	GitHub Exploit DB Packet Storm

12	5.3 -	MEDIUM Network	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers…	-	CVE-2022-37436	cpe:2.3:a:apache:http_server::			2.4.55	2024-11-21 16:14 2023-01-18	Show	GitHub Exploit DB Packet Storm

13	9.0 -	CRITICAL Network	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque…	-	CVE-2022-36760	cpe:2.3:a:apache:http_server::	2.4.0		2.4.55	2024-11-21 16:13 2023-01-18	Show	GitHub Exploit DB Packet Storm

14	7.5 -	HIGH Network	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. …	-	CVE-2006-20001	cpe:2.3:a:apache:http_server::			2.4.55	2024-11-21 09:10 2023-01-18	Show	GitHub Exploit DB Packet Storm

15	9.8 7.5	CRITICAL Network	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based auth…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2022-31813	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 16:05 2022-06-10	Show	GitHub Exploit DB Packet Storm

16	7.5 5.0	HIGH Network	Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.	NVD-CWE-Other	CVE-2022-30556	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 16:02 2022-06-10	Show	GitHub Exploit DB Packet Storm

17	7.5 5.0	HIGH Network	If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigg…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-30522	cpe:2.3:a:apache:http_server:2.4.53:*				2024-11-21 16:02 2022-06-10	Show	GitHub Exploit DB Packet Storm

18	7.5 5.0	HIGH Network	In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-29404	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 15:59 2022-06-10	Show	GitHub Exploit DB Packet Storm

19	9.1 6.4	CRITICAL Network	Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed …	CWE-190 Integer Overflow or Wraparound	CVE-2022-28615	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 15:57 2022-06-10	Show	GitHub Exploit DB Packet Storm

20	5.3 5.0	MEDIUM Network	The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as w…	CWE-190 Integer Overflow or Wraparound	CVE-2022-28614	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 15:57 2022-06-10	Show	GitHub Exploit DB Packet Storm