Software Detail
Apache HTTP Server
Number Of NVD 298 (CRITICAL 25, HIGH 101, MEDIUM 159, LOW 13)
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • Open source
  • Apache License v2.0

Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
91 Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
92 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
93 Apache HTTP Server 2.3 2.3.9 8 10 9 0
94 Apache HTTP Server 2.2 2.2.9 12 21 69 7
95 Apache HTTP Server 2.1 2.1.9 9 10 13 0
96 Apache HTTP Server 2.0 2.0.9 9 22 54 4
97 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
98 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
99 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
100 Apache HTTP Server 1.99 1.99 9 12 12 0
101 Apache HTTP Server 1.4 1.4.0 9 12 12 0
102 Apache HTTP Server 1.3 1.3.9 10 28 43 3
103 Apache HTTP Server 1.2 1.2.9 9 17 19 0
104 Apache HTTP Server 1.15 1.15.17 9 13 12 0
105 Apache HTTP Server 1.1 1.1.1 9 19 20 0
106 Apache HTTP Server 1.0 1.0.5 9 18 20 0
107 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
91 CVSS3 8.1 / CVSS2 6.8 / HIGH / Network
Title: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2017-15715
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.29
Update date: 2024-11-21 12:15
Published date: 2018-03-27
92 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset en…
CWE: CWE-787 Out-of-bounds Write
CVE: CVE-2017-15710
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.7:*, cpe:2.3:a:apache:http_server:2.4.6:*
Update date: 2024-11-21 12:15
Published date: 2018-03-27
93 CVSS3 4.3 / CVSS2 3.3 / MEDIUM / Adjacent
Title: Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the se…
CWE: -
CVE: CVE-2016-8612
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.23
Update date: 2024-11-21 11:59
Published date: 2018-03-10
94 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsb…
CWE: CWE-416 Use After Free
CVE: CVE-2017-9798
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.7:*, cpe:2.3:a:apache:http_server:2.4.6:* 2.2.34
Update date: 2024-11-21 12:36
Published date: 2017-09-19
95 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-2161
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.8:*, cpe:2.3:a:apache:http_server:2.4.7:*
Update date: 2024-11-21 11:47
Published date: 2017-07-28
96 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by defaul…
CWE: CWE-310 Cryptographic Issues
CVE: CVE-2016-0736
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.9:*, cpe:2.3:a:apache:http_server:2.4.8:*, cpe:2.3:a:apache:http_server:2.4.7:*
Update date: 2024-11-21 11:42
Published date: 2017-07-28
97 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
CWE: NVD-CWE-noinfo
CVE: CVE-2016-8743
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.1 2.2.0 2.4.23 2.2.31
Update date: 2024-11-21 11:59
Published date: 2017-07-28
98 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2017-7659
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.25:*, cpe:2.3:a:apache:http_server:2.4.24:*
Update date: 2024-11-21 12:32
Published date: 2017-07-27
99 CVSS3 7.5 / CVSS2 5.0 / HIGH / Network
Title: When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.
CWE: CWE-416 Use After Free
CVE: CVE-2017-9789
cpe23Uri: cpe:2.3:a:apache:http_server:2.4.26:*
Update date: 2024-11-21 12:36
Published date: 2017-07-14
100 CVSS3 9.1 / CVSS2 6.4 / CRITICAL / Network
Title: In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assi…
CWE: CWE-200 Information Exposure; CWE-20 Improper Input Validation
CVE: CVE-2017-9788
cpe23Uri: cpe:2.3:a:apache:http_server:*:* 2.4.0 2.2.33 2.4.26
Update date: 2024-11-21 12:36
Published date: 2017-07-14