Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
111	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
112	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
113	Apache HTTP Server 2.3	2.3.9				8	10	9	0
114	Apache HTTP Server 2.2	2.2.9				12	21	69	7
115	Apache HTTP Server 2.1	2.1.9				9	10	13	0
116	Apache HTTP Server 2.0	2.0.9				9	22	54	4
117	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
118	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
119	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
120	Apache HTTP Server 1.99	1.99				9	12	12	0
121	Apache HTTP Server 1.4	1.4.0				9	12	12	0
122	Apache HTTP Server 1.3	1.3.9				10	28	43	3
123	Apache HTTP Server 1.2	1.2.9				9	17	19	0
124	Apache HTTP Server 1.15	1.15.17				9	13	12	0
125	Apache HTTP Server 1.1	1.1.1				9	19	20	0
126	Apache HTTP Server 1.0	1.0.5				9	18	20	0
127	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
111	- 5.0	MEDIUM	The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NUL…	NVD-CWE-Other	CVE-2015-0253	cpe:2.3:a:apache:http_server:2.4.12:*				2024-11-21 11:22 2015-07-21	Show	GitHub Exploit DB Packet Storm

112	- 5.0	MEDIUM	The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a…	CWE-20 Improper Input Validation	CVE-2015-0228	cpe:2.3:a:apache:http_server::		2.4.12		2024-11-21 11:22 2015-03-8	Show	GitHub Exploit DB Packet Storm

113	- 4.3	MEDIUM	mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar…	CWE-863 Incorrect Authorization	CVE-2014-8109	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.7:* cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 11:18 2014-12-30	Show	GitHub Exploit DB Packet Storm

114	- 5.0	MEDIUM	The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon c…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2014-3583	cpe:2.3:a:apache:http_server:2.4.10:*				2024-11-21 11:08 2014-12-16	Show	GitHub Exploit DB Packet Storm

115	- 5.0	MEDIUM	The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer d…	CWE-476 NULL Pointer Dereference	CVE-2014-3581	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.7:* cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 11:08 2014-10-10	Show	GitHub Exploit DB Packet Storm

116	- 5.0	MEDIUM	Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…	CWE-399 Resource Management Errors	CVE-2014-3523	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.8:* cpe:2.3:a:apache:http_server:2.4.7:*				2024-11-21 11:08 2014-07-20	Show	GitHub Exploit DB Packet Storm

117	- 5.0	MEDIUM	The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script …	CWE-399 Resource Management Errors	CVE-2014-0231	cpe:2.3:a:apache:http_server::	2.2.0 2.4.0		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

118	- 6.8	MEDIUM	Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credent…	CWE-362 Race Condition	CVE-2014-0226	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

119	- 4.3	MEDIUM	The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denia…	CWE-400 Uncontrolled Resource Consumption	CVE-2014-0118	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.29 2.4.10	2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm

120	- 4.3	MEDIUM	The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Conn…	CWE-20 Improper Input Validation	CVE-2014-0117	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.8:* cpe:2.3:a:apache:http_server:2.4.7:*				2024-11-21 11:01 2014-07-20	Show	GitHub Exploit DB Packet Storm