Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
131	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
132	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
133	Apache HTTP Server 2.3	2.3.9				8	10	9	0
134	Apache HTTP Server 2.2	2.2.9				12	21	69	7
135	Apache HTTP Server 2.1	2.1.9				9	10	13	0
136	Apache HTTP Server 2.0	2.0.9				9	22	54	4
137	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
138	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
139	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
140	Apache HTTP Server 1.99	1.99				9	12	12	0
141	Apache HTTP Server 1.4	1.4.0				9	12	12	0
142	Apache HTTP Server 1.3	1.3.9				10	28	43	3
143	Apache HTTP Server 1.2	1.2.9				9	17	19	0
144	Apache HTTP Server 1.15	1.15.17				9	13	12	0
145	Apache HTTP Server 1.1	1.1.1				9	19	20	0
146	Apache HTTP Server 1.0	1.0.5				9	18	20	0
147	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
131	- 4.3	MEDIUM	The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determi…	CWE-200 Information Exposure	CVE-2012-3502	cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server:2.4.0:*				2024-11-21 10:41 2012-08-23	Show	GitHub Exploit DB Packet Storm

132	- 2.6	LOW	Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiVi…	CWE-79 Cross-site Scripting	CVE-2012-2687	cpe:2.3:a:apache:http_server:2.4.2:* cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server:2.4.0:*				2024-11-21 10:39 2012-08-23	Show	GitHub Exploit DB Packet Storm

133	- 6.9	MEDIUM	envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the …	NVD-CWE-noinfo	CVE-2012-0883	cpe:2.3:a:apache:http_server:2.4.1:* cpe:2.3:a:apache:http_server::	2.2.0		2.2.23	2024-11-21 10:35 2012-04-18	Show	GitHub Exploit DB Packet Storm

134	- 4.3	MEDIUM	protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to …	NVD-CWE-noinfo	CVE-2012-0053	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0		2.0.65 2.2.22	2024-11-21 10:34 2012-01-28	Show	GitHub Exploit DB Packet Storm

135	- 2.6	LOW	The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, w…	CWE-20 Improper Input Validation	CVE-2012-0021	cpe:2.3:a:apache:http_server:2.2.21:* cpe:2.3:a:apache:http_server:2.2.20:* cpe:2.3:a:apache:http_server:2.2.19:*…				2024-11-21 10:34 2012-01-28	Show	GitHub Exploit DB Packet Storm

136	- 4.6	MEDIUM	scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a …	NVD-CWE-noinfo	CVE-2012-0031	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0		2.0.65 2.2.22	2024-11-21 10:34 2012-01-19	Show	GitHub Exploit DB Packet Storm

137	- 5.0	MEDIUM	The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtime…	CWE-399 Resource Management Errors	CVE-2007-6750	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* c…		2.2.14		2024-11-21 09:40 2011-12-28	Show	GitHub Exploit DB Packet Storm

138	- 4.3	MEDIUM	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use o…	CWE-20 Improper Input Validation	CVE-2011-4317	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:*				2024-11-21 10:32 2011-11-30	Show	GitHub Exploit DB Packet Storm

139	- 4.3	MEDIUM	The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2…	CWE-20 Improper Input Validation	CVE-2011-3639	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:*				2024-11-21 10:30 2011-11-30	Show	GitHub Exploit DB Packet Storm

140	- 1.2	LOW	The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of envi…	CWE-20 Improper Input Validation	CVE-2011-4415	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:*				2024-11-21 10:32 2011-11-8	Show	GitHub Exploit DB Packet Storm