Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 283 CRITICAL 22 HIGH 92 MEDIUM 156 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • Apache License v2.0
  • オープンソース
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
71 Apache HTTP Server 2.4 2.4.66 Dec. 4, 2025 Feb. 21, 2012 19 33 33 1
72 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 8 28 72 5
73 Apache HTTP Server 2.3 2.3.9 7 9 8 0
74 Apache HTTP Server 2.2 2.2.9 11 20 68 7
75 Apache HTTP Server 2.1 2.1.9 8 9 12 0
76 Apache HTTP Server 2.0 2.0.9 8 21 53 4
77 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
78 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
79 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
80 Apache HTTP Server 1.99 1.99 8 11 11 0
81 Apache HTTP Server 1.4 1.4.0 8 11 11 0
82 Apache HTTP Server 1.3 1.3.9 9 27 42 3
83 Apache HTTP Server 1.2 1.2.9 8 16 18 0
84 Apache HTTP Server 1.15 1.15.17 8 12 11 0
85 Apache HTTP Server 1.1 1.1.1 8 18 19 0
86 Apache HTTP Server 1.0 1.0.5 8 17 19 0
87 Apache HTTP Server 0.8 0.8.14 8 16 18 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
71 9.8
6.8 		CRITICAL
Network 		In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster … CWE-287
Improper Authentication 		CVE-2018-1312 cpe:2.3:a:apache:http_server:2.4.9:*
cpe:2.3:a:apache:http_server:2.4.7:*
cpe:2.3:a:apache:http_server:2.4.6:* 		2024-11-21 12:59
2018-03-27 		Show GitHub Exploit DB Packet Storm
72 7.5
5.0 		HIGH
Network 		A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be u… CWE-125
Out-of-bounds Read 		CVE-2018-1303 cpe:2.3:a:apache:http_server:*:* 2.4.29 2024-11-21 12:59
2018-03-27 		Show GitHub Exploit DB Packet Storm
73 5.9
4.3 		MEDIUM
Network 		When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools main… CWE-476
 NULL Pointer Dereference 		CVE-2018-1302 cpe:2.3:a:apache:http_server:*:* 2.4.29 2024-11-21 12:59
2018-03-27 		Show GitHub Exploit DB Packet Storm
74 5.9
4.3 		MEDIUM
Network 		A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerabili… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2018-1301 cpe:2.3:a:apache:http_server:*:* 2.4.29 2024-11-21 12:59
2018-03-27 		Show GitHub Exploit DB Packet Storm
75 5.3
3.5 		MEDIUM
Network 		In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a … NVD-CWE-noinfo
CVE-2018-1283 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.29 2024-11-21 12:59
2018-03-27 		Show GitHub Exploit DB Packet Storm
76 8.1
6.8 		HIGH
Network 		In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could… CWE-20
 Improper Input Validation  		CVE-2017-15715 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.29 2024-11-21 12:15
2018-03-27 		Show GitHub Exploit DB Packet Storm
77 7.5
5.0 		HIGH
Network 		In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset en… CWE-787
 Out-of-bounds Write 		CVE-2017-15710 cpe:2.3:a:apache:http_server:2.4.9:*
cpe:2.3:a:apache:http_server:2.4.7:*
cpe:2.3:a:apache:http_server:2.4.6:* 		2024-11-21 12:15
2018-03-27 		Show GitHub Exploit DB Packet Storm
78 4.3
3.3 		MEDIUM
Adjacent 		Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the se… - CVE-2016-8612 cpe:2.3:a:apache:http_server:*:* 2.4.23 2024-11-21 11:59
2018-03-10 		Show GitHub Exploit DB Packet Storm
79 7.5
5.0 		HIGH
Network 		Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb… CWE-416
 Use After Free 		CVE-2017-9798 cpe:2.3:a:apache:http_server:2.4.9:*
cpe:2.3:a:apache:http_server:2.4.7:*
cpe:2.3:a:apache:http_server:2.4.6:* 		2.2.34 2024-11-21 12:36
2017-09-19 		Show GitHub Exploit DB Packet Storm
80 7.5
5.0 		HIGH
Network 		In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. CWE-20
 Improper Input Validation  		CVE-2016-2161 cpe:2.3:a:apache:http_server:2.4.9:*
cpe:2.3:a:apache:http_server:2.4.8:*
cpe:2.3:a:apache:http_server:2.4.7:* 		2024-11-21 11:47
2017-07-28 		Show GitHub Exploit DB Packet Storm