Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
211	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
212	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
213	Apache HTTP Server 2.3	2.3.9				7	9	8	0
214	Apache HTTP Server 2.2	2.2.9				11	20	68	7
215	Apache HTTP Server 2.1	2.1.9				8	9	12	0
216	Apache HTTP Server 2.0	2.0.9				8	21	53	4
217	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
218	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
219	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
220	Apache HTTP Server 1.99	1.99				8	11	11	0
221	Apache HTTP Server 1.4	1.4.0				8	11	11	0
222	Apache HTTP Server 1.3	1.3.9				9	27	42	3
223	Apache HTTP Server 1.2	1.2.9				8	16	18	0
224	Apache HTTP Server 1.15	1.15.17				8	12	11	0
225	Apache HTTP Server 1.1	1.1.1				8	18	19	0
226	Apache HTTP Server 1.0	1.0.5				8	17	19	0
227	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
211	- 5.0	MEDIUM	Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enable…	NVD-CWE-Other	CVE-2004-0113	cpe:2.3:a:apache:http_server:2.0.48:* cpe:2.3:a:apache:http_server:2.0.47:* cpe:2.3:a:apache:http_server:2.0.46:*…				2023-11-7 10:56 2004-03-29	Show	GitHub Exploit DB Packet Storm

212	- 2.1	LOW	mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.	NVD-CWE-Other	CVE-2004-1834	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.49:* …				2023-11-7 10:56 2004-03-20	Show	GitHub Exploit DB Packet Storm

213	- 7.5	HIGH	mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.	NVD-CWE-Other	CVE-2003-0987	cpe:2.3:a:apache:http_server::		1.3.30		2023-11-7 10:56 2004-03-3	Show	GitHub Exploit DB Packet Storm

214	- 7.5	HIGH	mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.	NVD-CWE-Other	CVE-2004-1082	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.7:* c…				2018-10-31 01:25 2004-02-3	Show	GitHub Exploit DB Packet Storm

215	- 4.3	MEDIUM	Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, wh…	CWE-200 Information Exposure	CVE-2003-1418	cpe:2.3:a:apache:http_server:1.3.27:* cpe:2.3:a:apache:http_server:1.3.26:* cpe:2.3:a:apache:http_server:1.3.25:*…				2017-10-20 10:29 2003-12-31	Show	GitHub Exploit DB Packet Storm

216	- 4.3	MEDIUM	The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated …	NVD-CWE-Other	CVE-2003-1307	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.48:* …				2024-08-8 12:15 2003-12-31	Show	GitHub Exploit DB Packet Storm

217	- 7.2	HIGH	Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbit…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2003-0542	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.47:* cpe:2.3:a:apache:http_server:2.0.46:*				2023-11-7 10:56 2003-11-3	Show	GitHub Exploit DB Packet Storm

218	- 10.0	HIGH	mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.	NVD-CWE-noinfo	CVE-2003-0789	cpe:2.3:a:apache:http_server::	2.0.35		2.0.48	2023-11-7 10:56 2003-11-3	Show	GitHub Exploit DB Packet Storm

219	- 5.0	MEDIUM	The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers t…	NVD-CWE-Other	CVE-2003-0460	cpe:2.3:a:apache:http_server::		1.3.27		2023-11-7 10:56 2003-08-27	Show	GitHub Exploit DB Packet Storm

220	- 6.4	MEDIUM	Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrad…	NVD-CWE-Other	CVE-2003-0192	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.46:* cpe:2.3:a:apache:http_server:2.0.45:*				2023-11-7 10:56 2003-08-18	Show	GitHub Exploit DB Packet Storm