Software Detail
Apache HTTP Server
Number Of NVD: 283 (CRITICAL 22, HIGH 92, MEDIUM 156, LOW 13)
URL: https://httpd.apache.org/
Explanation: It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It is one component of the open source combination known as LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
61 Apache HTTP Server 2.4 2.4.66 Dec. 4, 2025 Feb. 21, 2012 19 33 33 1
62 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 8 28 72 5
63 Apache HTTP Server 2.3 2.3.9 7 9 8 0
64 Apache HTTP Server 2.2 2.2.9 11 20 68 7
65 Apache HTTP Server 2.1 2.1.9 8 9 12 0
66 Apache HTTP Server 2.0 2.0.9 8 21 53 4
67 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
68 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
69 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
70 Apache HTTP Server 1.99 1.99 8 11 11 0
71 Apache HTTP Server 1.4 1.4.0 8 11 11 0
72 Apache HTTP Server 1.3 1.3.9 9 27 42 3
73 Apache HTTP Server 1.2 1.2.9 8 16 18 0
74 Apache HTTP Server 1.15 1.15.17 8 12 11 0
75 Apache HTTP Server 1.1 1.1.1 8 18 19 0
76 Apache HTTP Server 1.0 1.0.5 8 17 19 0
77 Apache HTTP Server 0.8 0.8.14 8 16 18 0
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
61 CVSS3 7.5, CVSS2 6.0, HIGH, Network
Title: In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another usern…
CWE: CWE-362 Race Condition
CVE: CVE-2019-0217
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.38
Update date: 2024-11-21 13:16
Published date: 2019-04-9
62 CVSS3 7.5, CVSS2 6.0, HIGH, Network
Title: In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restri…
CWE: NVD-CWE-noinfo
CVE: CVE-2019-0215
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.38:*, cpe:2.3:a:apache:http_server:2.4.37:*
Update date: 2024-11-21 13:16
Published date: 2019-04-9
63 CVSS3 7.5, CVSS2 5.0, HIGH, Network
Title: In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessio…
CWE: CWE-384 Session Fixation
CVE: CVE-2018-17199
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.37
Update date: 2024-11-21 12:54
Published date: 2019-01-31
64 CVSS3 7.5, CVSS2 5.0, HIGH, Network
Title: A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This b…
CWE: NVD-CWE-noinfo
CVE: CVE-2019-0190
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.37:*
Update date: 2024-11-21 13:16
Published date: 2019-01-31
65 CVSS3 5.3, CVSS2 5.0, MEDIUM, Network
Title: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up th…
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2018-17189
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.37:*, cpe:2.3:a:apache:http_server:2.4.35:*, cpe:2.3:a:apache:http_server:2.4.34:*…
Update date: 2024-11-21 12:54
Published date: 2019-01-31
66 CVSS3 5.9, CVSS2 4.3, MEDIUM, Network
Title: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This…
CWE: NVD-CWE-noinfo
CVE: CVE-2018-11763
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.17 2.4.34
Update date: 2024-11-21 12:43
Published date: 2018-09-26
67 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
Title: Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into …
CWE: CWE-93 CRLF Injection
CVE: CVE-2016-4975
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.7:*, cpe:2.3:a:apache:http_server:2.4.6:*
Update date: 2024-11-21 11:53
Published date: 2018-08-14
68 CVSS3 6.5, CVSS2 6.4, MEDIUM, Network
Title: A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator cou…
CWE: -
CVE: CVE-2017-12171
cpe23Uri: cpe:2.3:a:apache:http_server:2.2.15-60:*
Update date: 2024-11-21 12:08
Published date: 2018-07-27
69 CVSS3 7.5, CVSS2 5.0, HIGH, Network
Title: By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP …
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2018-8011
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.33:*
Update date: 2024-11-21 13:13
Published date: 2018-07-18
70 CVSS3 7.5, CVSS2 5.0, HIGH, Network
Title: By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected …
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2018-1333
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.33:*, cpe:2.3:a:apache:http_server:*:* 2.4.18 2.4.30
Update date: 2024-11-21 12:59
Published date: 2018-06-19