Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
231	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
232	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
233	Apache HTTP Server 2.3	2.3.9				7	9	8	0
234	Apache HTTP Server 2.2	2.2.9				11	20	68	7
235	Apache HTTP Server 2.1	2.1.9				8	9	12	0
236	Apache HTTP Server 2.0	2.0.9				8	21	53	4
237	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
238	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
239	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
240	Apache HTTP Server 1.99	1.99				8	11	11	0
241	Apache HTTP Server 1.4	1.4.0				8	11	11	0
242	Apache HTTP Server 1.3	1.3.9				9	27	42	3
243	Apache HTTP Server 1.2	1.2.9				8	16	18	0
244	Apache HTTP Server 1.15	1.15.17				8	12	11	0
245	Apache HTTP Server 1.1	1.1.1				8	18	19	0
246	Apache HTTP Server 1.0	1.0.5				8	17	19	0
247	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
231	- 4.6	MEDIUM	Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setui…	NVD-CWE-Other	CVE-2002-1658	cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* cpe:2.3:a:apache:http_server:1.3.4:*			2017-07-11 10:29 2002-12-31	Show	GitHub Exploit DB Packet Storm

232	- 5.0	MEDIUM	Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.	NVD-CWE-Other	CVE-2002-2012	cpe:2.3:a:apache:http_server:1.3.19:*			2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm

233	- 7.5	HIGH	PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for ph…	NVD-CWE-Other	CVE-2002-2029	cpe:2.3:a:apache:http_server:1.3.20:* cpe:2.3:a:apache:http_server:1.3.19:* cpe:2.3:a:apache:http_server:1.3.18:*…			2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm

234	- 5.0	MEDIUM	Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide…	NVD-CWE-Other	CVE-2002-2103	cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.23:* cpe:2.3:a:apache:http_server:1.3.22:*<…			2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm

235	- 7.8	HIGH	Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2002-2272	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.2:* cpe:2.3:a:apache:http_server:1.3.27:* …			2017-07-29 10:29 2002-12-31	Show	GitHub Exploit DB Packet Storm

236	7.5 5.0	HIGH Network	mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data …	CWE-667 Improper Locking	CVE-2002-1850	cpe:2.3:a:apache:http_server:2.0.40:* cpe:2.3:a:apache:http_server:2.0.39:*			2024-02-9 09:29 2002-12-31	Show	GitHub Exploit DB Packet Storm

237	- 2.6	LOW	A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or mo…	NVD-CWE-Other	CVE-2002-1233	cpe:2.3:a:apache:http_server:1.3.27:* cpe:2.3:a:apache:http_server:1.3.26:* cpe:2.3:a:apache:http_server:1.3.26:*…			2016-10-18 11:25 2002-11-4	Show	GitHub Exploit DB Packet Storm

238	- 7.2	HIGH	The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of serv…	NVD-CWE-noinfo	CVE-2002-0839	cpe:2.3:a:apache:http_server::	1.3.0	1.3.27	2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

239	- 6.8	MEDIUM	Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows …	NVD-CWE-Other	CVE-2002-0840	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.42:* cpe:2.3:a:apache:http_server:2.0.41:*			2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

240	- 7.5	HIGH	Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly exec…	NVD-CWE-Other	CVE-2002-0843	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* c…			2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm