Software Detail
Apache HTTP Server
Number Of NVD: 283 (CRITICAL 22, HIGH 92, MEDIUM 156, LOW 13)
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It is one component of the open source combination known as LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • Apache License v2.0
  • Open source

Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended for a fee, Critical, High, Medium, Low
81 Apache HTTP Server 2.4 2.4.66 Dec. 4, 2025 Feb. 21, 2012 19 33 33 1
82 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 8 28 72 5
83 Apache HTTP Server 2.3 2.3.9 7 9 8 0
84 Apache HTTP Server 2.2 2.2.9 11 20 68 7
85 Apache HTTP Server 2.1 2.1.9 8 9 12 0
86 Apache HTTP Server 2.0 2.0.9 8 21 53 4
87 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
88 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
89 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
90 Apache HTTP Server 1.99 1.99 8 11 11 0
91 Apache HTTP Server 1.4 1.4.0 8 11 11 0
92 Apache HTTP Server 1.3 1.3.9 9 27 42 3
93 Apache HTTP Server 1.2 1.2.9 8 16 18 0
94 Apache HTTP Server 1.15 1.15.17 8 12 11 0
95 Apache HTTP Server 1.1 1.1.1 8 18 19 0
96 Apache HTTP Server 1.0 1.0.5 8 17 19 0
97 Apache HTTP Server 0.8 0.8.14 8 16 18 0
NVD Vulnerability Information
No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
No: 81
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul…
CWE: CWE-310 Cryptographic Issues
CVE: CVE-2016-0736
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.8:*, cpe:2.3:a:apache:http_server:2.4.7:*
Update date: 2024-11-21 11:42
Published date: 2017-07-28

No: 82
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
CWE: NVD-CWE-noinfo
CVE: CVE-2016-8743
cpe23Uri: cpe:2.3:a:apache:http_server:*:*
or higher: 2.4.1, 2.2.0
or less: 2.4.23, 2.2.31
Update date: 2024-11-21 11:59
Published date: 2017-07-28

No: 83
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2017-7659
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.25:*, cpe:2.3:a:apache:http_server:2.4.24:*
Update date: 2024-11-21 12:32
Published date: 2017-07-27

No: 84
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
CWE: CWE-416 Use After Free
CVE: CVE-2017-9789
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.26:*
Update date: 2024-11-21 12:36
Published date: 2017-07-14

No: 85
CVSS3: 9.1
CVSS2: 6.4
Level: CRITICAL
Attack Vector: Network
Title: In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CWE: CWE-200 Information Exposure, CWE-20 Improper Input Validation
CVE: CVE-2017-9788
cpe23Uri: cpe:2.3:a:apache:http_server:*:*
or higher: 2.4.0
or less: 2.2.33, 2.4.26
Update date: 2024-11-21 12:36
Published date: 2017-07-14

No: 86
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2017-7679
cpe23Uri: cpe:2.3:a:apache:http_server:*:*
or higher: 2.2.0, 2.4.0
less than: 2.2.33, 2.4.26
Update date: 2024-11-21 12:32
Published date: 2017-06-20

No: 87
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2017-3169
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.2:*, cpe:2.3:a:apache:http_server:2.4.25:*, cpe:2.3:a:apache:http_server:2.4.23:*…
Update date: 2024-11-21 12:24
Published date: 2017-06-20

No: 88
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2017-7668
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.25:*, cpe:2.3:a:apache:http_server:2.4.24:*, cpe:2.3:a:apache:http_server:2.2.32:*
Update date: 2024-11-21 12:32
Published date: 2017-06-20

No: 89
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…
CWE: CWE-287 Improper Authentication
CVE: CVE-2017-3167
cpe23Uri: cpe:2.3:a:apache:http_server:*:*
or higher: 2.2.0, 2.4.0
less than: 2.2.33, 2.4.26
Update date: 2024-11-21 12:24
Published date: 2017-06-20

No: 90
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…
CWE: CWE-20 Improper Input Validation, CWE-399 Resource Management Errors
CVE: CVE-2016-8740
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.23:*, cpe:2.3:a:apache:http_server:2.4.22:*, cpe:2.3:a:apache:http_server:2.4.21:*…
Update date: 2024-11-21 11:59
Published date: 2016-12-6