Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
1	Apache HTTP Server 2.4	2.4.67	May 4, 2026	Feb. 21, 2012		22	39	36	1
2	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
3	Apache HTTP Server 2.3	2.3.9				8	10	9	0
4	Apache HTTP Server 2.2	2.2.9				12	21	69	7
5	Apache HTTP Server 2.1	2.1.9				9	10	13	0
6	Apache HTTP Server 2.0	2.0.9				9	22	54	4
7	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
8	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
9	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
10	Apache HTTP Server 1.99	1.99				9	12	12	0
11	Apache HTTP Server 1.4	1.4.0				9	12	12	0
12	Apache HTTP Server 1.3	1.3.9				10	28	43	3
13	Apache HTTP Server 1.2	1.2.9				9	17	19	0
14	Apache HTTP Server 1.15	1.15.17				9	13	12	0
15	Apache HTTP Server 1.1	1.1.1				9	19	20	0
16	Apache HTTP Server 1.0	1.0.5				9	18	20	0
17	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
1	7.5 -	HIGH Network	Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 … Update	CWE-789 Memory Allocation with Excessive Size Value	CVE-2026-49975	cpe:2.3:a:apache:http_server::	2.4.17		2.4.68	2026-06-11 04:36 2026-06-9	Show	GitHub Exploit DB Packet Storm

2	7.3 -	HIGH Network	Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. Update	CWE-416 Use After Free	CVE-2026-48913	cpe:2.3:a:apache:http_server::	2.4.55		2.4.68	2026-06-11 04:31 2026-06-9	Show	GitHub Exploit DB Packet Storm

3	9.8 -	CRITICAL Network	Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to… Update	CWE-124 Buffer Underflow	CVE-2026-44631	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-11 13:01 2026-06-9	Show	GitHub Exploit DB Packet Storm

4	7.3 -	HIGH Network	Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: f… Update	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-44186	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-11 13:01 2026-06-9	Show	GitHub Exploit DB Packet Storm

5	7.3 -	HIGH Network	Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are rec… Update	CWE-126 Buffer Over-read	CVE-2026-44185	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-11 13:01 2026-06-9	Show	GitHub Exploit DB Packet Storm

6	5.5 -	MEDIUM Local	Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTT… Update	CWE-269 Improper Privilege Management	CVE-2026-44119	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-11 13:01 2026-06-9	Show	GitHub Exploit DB Packet Storm

7	6.5 -	MEDIUM Network	Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Update	CWE-125 Out-of-bounds Read	CVE-2026-43951	cpe:2.3:a:apache:http_server::	2.4.0	2.4.67		2026-06-11 13:00 2026-06-9	Show	GitHub Exploit DB Packet Storm

8	7.5 -	HIGH Network	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are re…	CWE-122 Heap-based Buffer Overflow	CVE-2026-42536	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-10 00:55 2026-06-9	Show	GitHub Exploit DB Packet Storm

9	9.1 -	CRITICAL Network	A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. User…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-42535	cpe:2.3:a:apache:http_server::			2.4.68	2026-06-10 01:00 2026-06-9	Show	GitHub Exploit DB Packet Storm

10	7.5 -	HIGH Network	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are…	CWE-122 Heap-based Buffer Overflow	CVE-2026-34356	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-10 01:17 2026-06-9	Show	GitHub Exploit DB Packet Storm