Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
141	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
142	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
143	Apache HTTP Server 2.3	2.3.9				8	10	9	0
144	Apache HTTP Server 2.2	2.2.9				12	21	69	7
145	Apache HTTP Server 2.1	2.1.9				9	10	13	0
146	Apache HTTP Server 2.0	2.0.9				9	22	54	4
147	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
148	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
149	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
150	Apache HTTP Server 1.99	1.99				9	12	12	0
151	Apache HTTP Server 1.4	1.4.0				9	12	12	0
152	Apache HTTP Server 1.3	1.3.9				10	28	43	3
153	Apache HTTP Server 1.2	1.2.9				9	17	19	0
154	Apache HTTP Server 1.15	1.15.17				9	13	12	0
155	Apache HTTP Server 1.1	1.1.1				9	19	20	0
156	Apache HTTP Server 1.0	1.0.5				9	18	20	0
157	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
141	- 4.4	MEDIUM	Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…	CWE-189 Numeric Errors	CVE-2011-3607	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:*				2024-11-21 10:30 2011-11-8	Show	GitHub Exploit DB Packet Storm

142	- 5.0	MEDIUM	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch patte…	CWE-20 Improper Input Validation	CVE-2011-3368	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:*				2024-11-21 10:30 2011-10-6	Show	GitHub Exploit DB Packet Storm

143	- 4.3	MEDIUM	The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error s…	CWE-400 Uncontrolled Resource Consumption	CVE-2011-3348	cpe:2.3:a:apache:http_server::	2.2.12	2.2.20		2024-11-21 10:30 2011-09-20	Show	GitHub Exploit DB Packet Storm

144	- 7.8	HIGH	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range head…	CWE-400 Uncontrolled Resource Consumption	CVE-2011-3192	cpe:2.3:a:apache:http_server::	2.2.0 2.0.35		2.2.20 2.0.65	2024-11-21 10:29 2011-08-30	Show	GitHub Exploit DB Packet Storm

145	- 4.3	MEDIUM	The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infi…	CWE-399 Resource Management Errors	CVE-2011-1928	cpe:2.3:a:apache:http_server:2.2.18:*				2024-11-21 10:27 2011-05-25	Show	GitHub Exploit DB Packet Storm

146	- 4.3	MEDIUM	Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2011-0419	cpe:2.3:a:apache:http_server::	2.0.0 2.2.0	2.0.65 2.2.18		2024-11-21 10:23 2011-05-17	Show	GitHub Exploit DB Packet Storm

147	- 5.0	MEDIUM	Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Ap…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-1623	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2024-11-21 10:14 2010-10-5	Show	GitHub Exploit DB Packet Storm

148	- 5.0	MEDIUM	mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remo…	CWE-200 Information Exposure	CVE-2010-2791	cpe:2.3:a:apache:http_server:2.2.9:*				2024-11-21 10:17 2010-08-6	Show	GitHub Exploit DB Packet Storm

149	- 5.0	MEDIUM	The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.	NVD-CWE-Other	CVE-2010-1452	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.16	2024-11-21 10:14 2010-07-29	Show	GitHub Exploit DB Packet Storm

150	- 5.0	MEDIUM	mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, …	CWE-200 Information Exposure	CVE-2010-2068	cpe:2.3:a:apache:http_server:2.3.5:alpha cpe:2.3:a:apache:http_server:2.3.4:alpha cpe:2.3:a:apache:http_server:2.…				2024-11-21 10:15 2010-06-19	Show	GitHub Exploit DB Packet Storm