Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
251	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
252	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
253	Apache HTTP Server 2.3	2.3.9				7	9	8	0
254	Apache HTTP Server 2.2	2.2.9				11	20	68	7
255	Apache HTTP Server 2.1	2.1.9				8	9	12	0
256	Apache HTTP Server 2.0	2.0.9				8	21	53	4
257	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
258	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
259	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
260	Apache HTTP Server 1.99	1.99				8	11	11	0
261	Apache HTTP Server 1.4	1.4.0				8	11	11	0
262	Apache HTTP Server 1.3	1.3.9				9	27	42	3
263	Apache HTTP Server 1.2	1.2.9				8	16	18	0
264	Apache HTTP Server 1.15	1.15.17				8	12	11	0
265	Apache HTTP Server 1.1	1.1.1				8	18	19	0
266	Apache HTTP Server 1.0	1.0.5				8	17	19	0
267	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
251	- 5.0	MEDIUM	The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2001-1556	cpe:2.3:a:apache:http_server::	1.3.0 2.0.0		1.3.31 2.0.49	2020-10-15 01:51 2001-12-31	Show	GitHub Exploit DB Packet Storm

252	- 2.1	LOW	mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain ses…	CWE-384 Session Fixation	CVE-2001-1534	cpe:2.3:a:apache:http_server::	1.3.11	1.3.20		2021-07-16 05:37 2001-12-31	Show	GitHub Exploit DB Packet Storm

253	- 7.5	HIGH	The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.	NVD-CWE-Other	CVE-2001-1449	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* c…				2017-07-11 10:29 2001-11-28	Show	GitHub Exploit DB Packet Storm

254	- 5.0	MEDIUM	Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.	NVD-CWE-Other	CVE-2001-0729	cpe:2.3:a:apache:http_server:1.3.20:*				2023-11-7 10:55 2001-10-30	Show	GitHub Exploit DB Packet Storm

255	- 5.0	MEDIUM	split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.	NVD-CWE-Other	CVE-2001-0730	cpe:2.3:a:apache:http_server:1.3.20:*				2023-11-7 10:55 2001-10-30	Show	GitHub Exploit DB Packet Storm

256	9.8 7.5	CRITICAL Network	Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.	CWE-178 Improper Handling of Case Sensitivity	CVE-2001-0766	cpe:2.3:a:apache:http_server:1.3.14:*				2024-02-2 11:13 2001-10-18	Show	GitHub Exploit DB Packet Storm

257	- 5.0	MEDIUM	Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.	NVD-CWE-Other	CVE-2001-0731	cpe:2.3:a:apache:http_server:1.3.20:*				2023-11-7 10:55 2001-10-1	Show	GitHub Exploit DB Packet Storm

258	- 5.0	MEDIUM	Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expressio…	NVD-CWE-Other	CVE-2001-1072	cpe:2.3:a:apache:http_server:1.3.19:* cpe:2.3:a:apache:http_server:1.3.17:* cpe:2.3:a:apache:http_server:1.3.14:*				2017-10-10 10:29 2001-08-31	Show	GitHub Exploit DB Packet Storm

259	- 5.0	MEDIUM	Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters…	NVD-CWE-Other	CVE-2001-1342	cpe:2.3:a:apache:http_server:1.3.19:* cpe:2.3:a:apache:http_server:1.3.18:* cpe:2.3:a:apache:http_server:1.3.17:*…				2023-11-7 10:55 2001-05-12	Show	GitHub Exploit DB Packet Storm

260	- 3.3	LOW	htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.	CWE-59 Link Following	CVE-2001-0131	cpe:2.3:a:apache:http_server:2.0:alpha9 cpe:2.3:a:apache:http_server:1.3.14:*				2020-10-10 02:52 2001-03-12	Show	GitHub Exploit DB Packet Storm