Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
261	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
262	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
263	Apache HTTP Server 2.3	2.3.9				7	9	8	0
264	Apache HTTP Server 2.2	2.2.9				11	20	68	7
265	Apache HTTP Server 2.1	2.1.9				8	9	12	0
266	Apache HTTP Server 2.0	2.0.9				8	21	53	4
267	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
268	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
269	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
270	Apache HTTP Server 1.99	1.99				8	11	11	0
271	Apache HTTP Server 1.4	1.4.0				8	11	11	0
272	Apache HTTP Server 1.3	1.3.9				9	27	42	3
273	Apache HTTP Server 1.2	1.2.9				8	16	18	0
274	Apache HTTP Server 1.15	1.15.17				8	12	11	0
275	Apache HTTP Server 1.1	1.1.1				8	18	19	0
276	Apache HTTP Server 1.0	1.0.5				8	17	19	0
277	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
261	- 5.0	MEDIUM	The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) chara…	CWE-22 Path Traversal	CVE-2001-0925	cpe:2.3:a:apache:http_server:1.3.17:* cpe:2.3:a:apache:http_server:1.3.14:* cpe:2.3:a:apache:http_server:1.3.12:*…		2023-11-7 10:55 2001-03-12	Show	GitHub Exploit DB Packet Storm

262	- 5.0	MEDIUM	PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.	NVD-CWE-Other	CVE-2001-0042	cpe:2.3:a:apache:http_server:1.3:*		2017-10-10 10:29 2001-02-16	Show	GitHub Exploit DB Packet Storm

263	- 5.0	MEDIUM	mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.	NVD-CWE-Other	CVE-2000-0913	cpe:2.3:a:apache:http_server:1.3.12:* cpe:2.3:a:apache:http_server:1.3.11:* cpe:2.3:a:apache:http_server:1.1:*		2023-11-7 10:55 2000-12-19	Show	GitHub Exploit DB Packet Storm

264	- 5.0	MEDIUM	The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.	NVD-CWE-Other	CVE-2000-0868	cpe:2.3:a:apache:http_server:1.3.12:*		2017-10-10 10:29 2000-11-14	Show	GitHub Exploit DB Packet Storm

265	- 5.0	MEDIUM	The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.	NVD-CWE-Other	CVE-2000-0869	cpe:2.3:a:apache:http_server:1.3.12:*		2017-10-10 10:29 2000-11-14	Show	GitHub Exploit DB Packet Storm

266	- 5.0	MEDIUM	Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under th…	NVD-CWE-Other	CVE-2000-1204	cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.12:* cpe:2.3:a:apache:http_server:1.3.11:*		2023-11-7 10:55 2000-10-13	Show	GitHub Exploit DB Packet Storm

267	- 5.0	MEDIUM	The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.	NVD-CWE-Other	CVE-2000-0505	cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* cpe:2.3:a:apache:http_server:1.3.12:*		2023-11-7 10:55 2000-05-31	Show	GitHub Exploit DB Packet Storm

268	- 4.3	MEDIUM	Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode i…	CWE-79 Cross-site Scripting	CVE-2000-1205	cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.8:* cpe:2.3:a:apache:http_server:1.3.7:*		2023-11-7 10:55 2000-02-1	Show	GitHub Exploit DB Packet Storm

269	- 10.0	HIGH	mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.	NVD-CWE-Other	CVE-1999-1293	cpe:2.3:a:apache:http_server::	1.2.5	2016-10-18 11:02 1999-12-31	Show	GitHub Exploit DB Packet Storm

270	- 5.0	MEDIUM	The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.	NVD-CWE-noinfo	CVE-1999-0289	cpe:2.3:a:apache:http_server:-:*		2022-08-17 19:15 1999-12-12	Show	GitHub Exploit DB Packet Storm