Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
201	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
202	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
203	Apache HTTP Server 2.3	2.3.9				7	9	8	0
204	Apache HTTP Server 2.2	2.2.9				11	20	68	7
205	Apache HTTP Server 2.1	2.1.9				8	9	12	0
206	Apache HTTP Server 2.0	2.0.9				8	21	53	4
207	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
208	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
209	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
210	Apache HTTP Server 1.99	1.99				8	11	11	0
211	Apache HTTP Server 1.4	1.4.0				8	11	11	0
212	Apache HTTP Server 1.3	1.3.9				9	27	42	3
213	Apache HTTP Server 1.2	1.2.9				8	16	18	0
214	Apache HTTP Server 1.15	1.15.17				8	12	11	0
215	Apache HTTP Server 1.1	1.1.1				8	18	19	0
216	Apache HTTP Server 1.0	1.0.5				8	17	19	0
217	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
201	- 5.0	MEDIUM	The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).	NVD-CWE-noinfo	CVE-2004-0751	cpe:2.3:a:apache:http_server::	2.0.44		2.0.51	2023-11-7 10:56 2004-10-20	Show	GitHub Exploit DB Packet Storm

202	- 5.0	MEDIUM	The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using …	NVD-CWE-noinfo	CVE-2004-0786	cpe:2.3:a:apache:http_server::	2.0.35		2.0.51	2023-11-7 10:56 2004-10-20	Show	GitHub Exploit DB Packet Storm

203	7.8 4.6	HIGH Local	Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.	CWE-131 Incorrect Calculation of Buffer Size	CVE-2004-0747	cpe:2.3:a:apache:http_server::	2.0.35		2.0.51	2024-02-2 23:03 2004-10-20	Show	GitHub Exploit DB Packet Storm

204	- 5.0	MEDIUM	The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV au…	NVD-CWE-noinfo	CVE-2004-0809	cpe:2.3:a:apache:http_server::	2.0.35		2.0.51	2023-11-7 10:56 2004-09-16	Show	GitHub Exploit DB Packet Storm

205	- 10.0	HIGH	Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a nega…	NVD-CWE-Other	CVE-2004-0492	cpe:2.3:a:apache:http_server:1.3.31:* cpe:2.3:a:apache:http_server:1.3.29:* cpe:2.3:a:apache:http_server:1.3.28:*…				2023-11-7 10:56 2004-08-6	Show	GitHub Exploit DB Packet Storm

206	- 6.4	MEDIUM	The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based…	NVD-CWE-Other	CVE-2004-0493	cpe:2.3:a:apache:http_server:2.0.49:* cpe:2.3:a:apache:http_server:2.0.48:* cpe:2.3:a:apache:http_server:2.0.47:*				2023-11-7 10:56 2004-08-6	Show	GitHub Exploit DB Packet Storm

207	- 7.5	HIGH	Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitr…	CWE-787 Out-of-bounds Write	CVE-2004-0488	cpe:2.3:a:apache:http_server::	2.0.35		2.0.50	2023-11-7 10:56 2004-07-7	Show	GitHub Exploit DB Packet Storm

208	7.5 5.0	HIGH Network	Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "…	CWE-667 Improper Locking	CVE-2004-0174	cpe:2.3:a:apache:http_server::		2.0.49		2024-02-16 05:37 2004-05-4	Show	GitHub Exploit DB Packet Storm

209	- 5.0	MEDIUM	Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (do…	NVD-CWE-Other	CVE-2004-0173	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.2:* cpe:2.3:a:apache:http_server:1.2.5:* cpe…				2017-10-10 10:30 2004-04-15	Show	GitHub Exploit DB Packet Storm

210	- 7.5	HIGH	mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to …	NVD-CWE-Other	CVE-2003-0993	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.7:* c…				2023-11-7 10:56 2004-03-29	Show	GitHub Exploit DB Packet Storm