Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
101	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
102	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
103	Apache HTTP Server 2.3	2.3.9				8	10	9	0
104	Apache HTTP Server 2.2	2.2.9				12	21	69	7
105	Apache HTTP Server 2.1	2.1.9				9	10	13	0
106	Apache HTTP Server 2.0	2.0.9				9	22	54	4
107	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
108	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
109	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
110	Apache HTTP Server 1.99	1.99				9	12	12	0
111	Apache HTTP Server 1.4	1.4.0				9	12	12	0
112	Apache HTTP Server 1.3	1.3.9				10	28	43	3
113	Apache HTTP Server 1.2	1.2.9				9	17	19	0
114	Apache HTTP Server 1.15	1.15.17				9	13	12	0
115	Apache HTTP Server 1.1	1.1.1				9	19	20	0
116	Apache HTTP Server 1.0	1.0.5				9	18	20	0
117	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
101	9.8 7.5	CRITICAL Network	In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2017-7679	cpe:2.3:a:apache:http_server::	2.2.0 2.4.0		2.2.33 2.4.26	2024-11-21 12:32 2017-06-20	Show	GitHub Exploit DB Packet Storm

102	9.8 7.5	CRITICAL Network	In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.	CWE-476 NULL Pointer Dereference	CVE-2017-3169	cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.25:* cpe:2.3:a:apache:http_server:2.4.23:*<…				2024-11-21 12:24 2017-06-20	Show	GitHub Exploit DB Packet Storm

103	7.5 5.0	HIGH Network	The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously…	CWE-125 Out-of-bounds Read	CVE-2017-7668	cpe:2.3:a:apache:http_server:2.4.25:* cpe:2.3:a:apache:http_server:2.4.24:* cpe:2.3:a:apache:http_server:2.2.32:*				2024-11-21 12:32 2017-06-20	Show	GitHub Exploit DB Packet Storm

104	9.8 7.5	CRITICAL Network	In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being…	CWE-287 Improper Authentication	CVE-2017-3167	cpe:2.3:a:apache:http_server::	2.2.0 2.4.0		2.2.33 2.4.26	2024-11-21 12:24 2017-06-20	Show	GitHub Exploit DB Packet Storm

105	7.5 5.0	HIGH Network	The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…	CWE-20 CWE-399 Improper Input Validation Resource Management Errors	CVE-2016-8740	cpe:2.3:a:apache:http_server:2.4.23:* cpe:2.3:a:apache:http_server:2.4.22:* cpe:2.3:a:apache:http_server:2.4.21:*…				2024-11-21 11:59 2016-12-6	Show	GitHub Exploit DB Packet Storm

106	8.1 6.8	HIGH Network	The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…	NVD-CWE-noinfo	CVE-2016-5387	cpe:2.3:a:apache:http_server::	2.4.1 2.2.0	2.4.23 2.2.31		2024-11-21 11:54 2016-07-19	Show	GitHub Exploit DB Packet Storm

107	7.5 5.0	HIGH Network	The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow…	CWE-284 Improper Access Control	CVE-2016-4979	cpe:2.3:a:apache:http_server:2.4.20:* cpe:2.3:a:apache:http_server:2.4.19:* cpe:2.3:a:apache:http_server:2.4.18:*				2024-11-21 11:53 2016-07-6	Show	GitHub Exploit DB Packet Storm

108	5.9 4.3	MEDIUM Network	The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a …	CWE-399 Resource Management Errors	CVE-2016-1546	cpe:2.3:a:apache:http_server:2.4.18:* cpe:2.3:a:apache:http_server:2.4.17:*				2024-11-21 11:46 2016-07-6	Show	GitHub Exploit DB Packet Storm

109	- 4.3	MEDIUM	The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2015-3185	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.8:* cpe:2.3:a:apache:http_server:2.4.7:*				2024-11-21 11:28 2015-07-21	Show	GitHub Exploit DB Packet Storm

110	- 5.0	MEDIUM	The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a…	CWE-20 CWE-17 Improper Input Validation Code	CVE-2015-3183	cpe:2.3:a:apache:http_server::	2.2.0 2.4.0		2.2.31 2.4.16	2024-11-21 11:28 2015-07-21	Show	GitHub Exploit DB Packet Storm