Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
121	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
122	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
123	Apache HTTP Server 2.3	2.3.9				8	10	9	0
124	Apache HTTP Server 2.2	2.2.9				12	21	69	7
125	Apache HTTP Server 2.1	2.1.9				9	10	13	0
126	Apache HTTP Server 2.0	2.0.9				9	22	54	4
127	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
128	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
129	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
130	Apache HTTP Server 1.99	1.99				9	12	12	0
131	Apache HTTP Server 1.4	1.4.0				9	12	12	0
132	Apache HTTP Server 1.3	1.3.9				10	28	43	3
133	Apache HTTP Server 1.2	1.2.9				9	17	19	0
134	Apache HTTP Server 1.15	1.15.17				9	13	12	0
135	Apache HTTP Server 1.1	1.1.1				9	19	20	0
136	Apache HTTP Server 1.0	1.0.5				9	18	20	0
137	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
121	- 4.3	MEDIUM	The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a …	NVD-CWE-Other	CVE-2013-4352	cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 10:55 2014-07-20	Show	GitHub Exploit DB Packet Storm

122	- 5.0	MEDIUM	The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfe…	NVD-CWE-noinfo	CVE-2013-5704	cpe:2.3:a:apache:http_server:2.4.9:* cpe:2.3:a:apache:http_server:2.4.7:* cpe:2.3:a:apache:http_server:2.4.6:*				2024-11-21 10:57 2014-04-15	Show	GitHub Exploit DB Packet Storm

123	- 5.0	MEDIUM	The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…	NVD-CWE-noinfo	CVE-2014-0098	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.27 2.4.9	2024-11-21 11:01 2014-03-18	Show	GitHub Exploit DB Packet Storm

124	- 5.0	MEDIUM	The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote atta…	NVD-CWE-noinfo	CVE-2013-6438	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.27 2.4.9	2024-11-21 10:59 2014-03-18	Show	GitHub Exploit DB Packet Storm

125	- 7.5	HIGH	mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new ses…	NVD-CWE-noinfo	CVE-2013-2249	cpe:2.3:a:apache:http_server::	2.4.1	2.4.4		2024-11-21 10:51 2013-07-24	Show	GitHub Exploit DB Packet Storm

126	- 4.3	MEDIUM	mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…	NVD-CWE-noinfo	CVE-2013-1896	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.25 2.4.6	2024-11-21 10:50 2013-07-11	Show	GitHub Exploit DB Packet Storm

127	- 5.1	MEDIUM	mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…	NVD-CWE-noinfo	CVE-2013-1862	cpe:2.3:a:apache:http_server::	2.2.0 2.0.0		2.2.25 2.0.65	2024-11-21 10:50 2013-06-11	Show	GitHub Exploit DB Packet Storm

128	- 4.3	MEDIUM	Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x …	CWE-79 Cross-site Scripting	CVE-2012-4558	cpe:2.3:a:apache:http_server:2.4.3:* cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:*				2024-11-21 10:43 2013-02-27	Show	GitHub Exploit DB Packet Storm

129	- 4.3	MEDIUM	Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …	CWE-79 Cross-site Scripting	CVE-2012-3499	cpe:2.3:a:apache:http_server:2.4.3:* cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:*				2024-11-21 10:41 2013-02-27	Show	GitHub Exploit DB Packet Storm

130	- 5.0	MEDIUM	The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to ca…	CWE-399 Resource Management Errors	CVE-2012-4557	cpe:2.3:a:apache:http_server:2.2.21:* cpe:2.3:a:apache:http_server:2.2.20:* cpe:2.3:a:apache:http_server:2.2.19:*…				2024-11-21 10:43 2012-12-1	Show	GitHub Exploit DB Packet Storm