Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
151	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
152	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
153	Apache HTTP Server 2.3	2.3.9				8	10	9	0
154	Apache HTTP Server 2.2	2.2.9				12	21	69	7
155	Apache HTTP Server 2.1	2.1.9				9	10	13	0
156	Apache HTTP Server 2.0	2.0.9				9	22	54	4
157	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
158	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
159	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
160	Apache HTTP Server 1.99	1.99				9	12	12	0
161	Apache HTTP Server 1.4	1.4.0				9	12	12	0
162	Apache HTTP Server 1.3	1.3.9				10	28	43	3
163	Apache HTTP Server 1.2	1.2.9				9	17	19	0
164	Apache HTTP Server 1.15	1.15.17				9	13	12	0
165	Apache HTTP Server 1.1	1.1.1				9	19	20	0
166	Apache HTTP Server 1.0	1.0.5				9	18	20	0
167	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
151	- 4.3	MEDIUM	The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumsta…	CWE-200 Information Exposure	CVE-2010-0434	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.15	2023-02-13 13:16 2010-03-6	Show	GitHub Exploit DB Packet Storm

152	- 10.0	HIGH	modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request proces…	NVD-CWE-noinfo	CVE-2010-0425	cpe:2.3:a:apache:http_server:2.3.6:* cpe:2.3:a:apache:http_server:2.3.5:* cpe:2.3:a:apache:http_server:2.3.4:*				2024-02-14 10:17 2010-03-6	Show	GitHub Exploit DB Packet Storm

153	- 5.0	MEDIUM	The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body…	NVD-CWE-Other	CVE-2010-0408	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* c…				2023-11-2 00:32 2010-03-6	Show	GitHub Exploit DB Packet Storm

154	- 4.3	MEDIUM	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which al…	CWE-189 Numeric Errors	CVE-2003-1580	cpe:2.3:a:apache:http_server:2.0.44:*				2010-02-8 14:00 2010-02-6	Show	GitHub Exploit DB Packet Storm

155	- 2.6	LOW	The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafte…	CWE-79 Cross-site Scripting	CVE-2003-1581	cpe:2.3:a:apache:http_server:2.0.44:*				2010-02-8 14:00 2010-02-6	Show	GitHub Exploit DB Packet Storm

156	- 6.8	MEDIUM	Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of serv…	CWE-189 Numeric Errors	CVE-2010-0010	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.4:* cpe:2.3:a:apache:http_server:1.3.40:* …		1.3.41		2023-11-7 11:04 2010-02-3	Show	GitHub Exploit DB Packet Storm

157	- 5.0	MEDIUM	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via a…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-3560	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2026-04-23 09:35 2009-12-5	Show	GitHub Exploit DB Packet Storm

158	- 5.8	MEDIUM	The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…	CWE-295 Improper Certificate Validation	CVE-2009-3555	cpe:2.3:a:apache:http_server::		2.2.14		2026-04-23 09:35 2009-11-10	Show	GitHub Exploit DB Packet Storm

159	- 5.0	MEDIUM	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service …	NVD-CWE-noinfo	CVE-2009-3720	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.17	2026-04-23 09:35 2009-11-4	Show	GitHub Exploit DB Packet Storm

160	7.5 5.0	HIGH Network	The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products…	CWE-667 Improper Locking	CVE-2009-2699	cpe:2.3:a:apache:http_server::	2.2.0		2.2.14	2026-04-23 09:35 2009-10-13	Show	GitHub Exploit DB Packet Storm