Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
161	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
162	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
163	Apache HTTP Server 2.3	2.3.9				8	10	9	0
164	Apache HTTP Server 2.2	2.2.9				12	21	69	7
165	Apache HTTP Server 2.1	2.1.9				9	10	13	0
166	Apache HTTP Server 2.0	2.0.9				9	22	54	4
167	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
168	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
169	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
170	Apache HTTP Server 1.99	1.99				9	12	12	0
171	Apache HTTP Server 1.4	1.4.0				9	12	12	0
172	Apache HTTP Server 1.3	1.3.9				10	28	43	3
173	Apache HTTP Server 1.2	1.2.9				9	17	19	0
174	Apache HTTP Server 1.15	1.15.17				9	13	12	0
175	Apache HTTP Server 1.1	1.1.1				9	19	20	0
176	Apache HTTP Server 1.0	1.0.5				9	18	20	0
177	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
161	- 5.0	MEDIUM	The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of …	NVD-CWE-Other	CVE-2009-3095	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.14	2026-04-23 09:35 2009-09-9	Show	GitHub Exploit DB Packet Storm

162	- 2.6	LOW	The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL poi…	CWE-476 NULL Pointer Dereference	CVE-2009-3094	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.14	2026-04-23 09:35 2009-09-9	Show	GitHub Exploit DB Packet Storm

163	- 7.1	HIGH	The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a deni…	CWE-400 Uncontrolled Resource Consumption	CVE-2009-1891	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.12	2026-04-23 09:35 2009-07-11	Show	GitHub Exploit DB Packet Storm

164	- 7.1	HIGH	The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed d…	CWE-400 Uncontrolled Resource Consumption	CVE-2009-1890	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-07-6	Show	GitHub Exploit DB Packet Storm

165	- 6.4	MEDIUM	Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (appl…	CWE-189 Numeric Errors	CVE-2009-1956	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm

166	7.5 5.0	HIGH Network	The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to …	CWE-776 XML Entity Expansion	CVE-2009-1955	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm

167	- 4.3	MEDIUM	The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-0023	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2009-06-8	Show	GitHub Exploit DB Packet Storm

168	- 4.9	MEDIUM	The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) O…	CWE-16 Configuration	CVE-2009-1195	cpe:2.3:a:apache:http_server:2.2.9:* cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.7:*				2026-04-23 09:35 2009-05-29	Show	GitHub Exploit DB Packet Storm

169	- 5.0	MEDIUM	mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no…	NVD-CWE-noinfo	CVE-2009-1191	cpe:2.3:a:apache:http_server:2.2.11:*				2026-04-23 09:35 2009-04-24	Show	GitHub Exploit DB Packet Storm

170	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versi…	CWE-79 Cross-site Scripting	CVE-2008-2939	cpe:2.3:a:apache:http_server::	2.2.0	2.0.63 2.2.9		2026-04-23 09:35 2008-08-7	Show	GitHub Exploit DB Packet Storm