Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

283

CRITICAL

HIGH

MEDIUM

156

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	Apache License v2.0 オープンソース

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
51	Apache HTTP Server 2.4	2.4.66	Dec. 4, 2025	Feb. 21, 2012		19	33	33	1
52	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	8	28	72	5
53	Apache HTTP Server 2.3	2.3.9				7	9	8	0
54	Apache HTTP Server 2.2	2.2.9				11	20	68	7
55	Apache HTTP Server 2.1	2.1.9				8	9	12	0
56	Apache HTTP Server 2.0	2.0.9				8	21	53	4
57	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
58	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
59	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
60	Apache HTTP Server 1.99	1.99				8	11	11	0
61	Apache HTTP Server 1.4	1.4.0				8	11	11	0
62	Apache HTTP Server 1.3	1.3.9				9	27	42	3
63	Apache HTTP Server 1.2	1.2.9				8	16	18	0
64	Apache HTTP Server 1.15	1.15.17				8	12	11	0
65	Apache HTTP Server 1.1	1.1.1				8	18	19	0
66	Apache HTTP Server 1.0	1.0.5				8	17	19	0
67	Apache HTTP Server 0.8	0.8.14				8	16	18	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
51	9.1 6.4	CRITICAL Network	In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.	CWE-416 Use After Free	CVE-2019-10082	cpe:2.3:a:apache:http_server::	2.4.18	2.4.39		2024-11-21 13:18 2019-09-27	Show	GitHub Exploit DB Packet Storm

52	7.2 6.0	HIGH Network	In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buf…	CWE-787 CWE-476 Out-of-bounds Write NULL Pointer Dereference	CVE-2019-10097	cpe:2.3:a:apache:http_server:2.4.38:* cpe:2.3:a:apache:http_server:2.4.37:* cpe:2.3:a:apache:http_server:2.4.35:*…				2024-11-21 13:18 2019-09-27	Show	GitHub Exploit DB Packet Storm

53	6.1 4.3	MEDIUM Network	In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instea…	CWE-79 Cross-site Scripting	CVE-2019-10092	cpe:2.3:a:apache:http_server::	2.4.0	2.4.39		2024-11-21 13:18 2019-09-27	Show	GitHub Exploit DB Packet Storm

54	6.1 5.8	MEDIUM Network	In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL wi…	CWE-601 Open Redirect	CVE-2019-10098	cpe:2.3:a:apache:http_server::	2.4.0	2.4.39		2024-11-21 13:18 2019-09-26	Show	GitHub Exploit DB Packet Storm

55	7.5 5.0	HIGH Network	HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copi…	CWE-787 Out-of-bounds Write	CVE-2019-10081	cpe:2.3:a:apache:http_server::	2.4.20	2.4.39		2024-11-21 13:18 2019-08-16	Show	GitHub Exploit DB Packet Storm

56	7.5 7.8	HIGH Network	Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without const…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-9517	cpe:2.3:a:apache:http_server::	2.4.20		2.4.40	2024-11-21 13:51 2019-08-14	Show	GitHub Exploit DB Packet Storm

57	4.2 4.9	MEDIUM Network	A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2…	CWE-444 HTTP Request Smuggling	CVE-2019-0197	cpe:2.3:a:apache:http_server::	2.4.34	2.4.38		2024-11-21 13:16 2019-06-12	Show	GitHub Exploit DB Packet Storm

58	5.3 5.0	MEDIUM Network	A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining th…	CWE-416 Use After Free	CVE-2019-0196	cpe:2.3:a:apache:http_server::	2.4.17	2.4.38		2024-11-21 13:16 2019-06-12	Show	GitHub Exploit DB Packet Storm

59	5.3 5.0	MEDIUM Network	A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule…	CWE-706 Use of Incorrectly-Resolved Name or Reference	CVE-2019-0220	cpe:2.3:a:apache:http_server::	2.4.0	2.4.38		2024-11-21 13:16 2019-06-12	Show	GitHub Exploit DB Packet Storm

60	7.8 7.2	HIGH Local	In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scrip…	CWE-416 Use After Free	CVE-2019-0211	cpe:2.3:a:apache:http_server::	2.4.17	2.4.38		2024-11-21 13:16 2019-04-9	Show	GitHub Exploit DB Packet Storm