Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
171	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
172	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
173	Apache HTTP Server 2.3	2.3.9				8	10	9	0
174	Apache HTTP Server 2.2	2.2.9				12	21	69	7
175	Apache HTTP Server 2.1	2.1.9				9	10	13	0
176	Apache HTTP Server 2.0	2.0.9				9	22	54	4
177	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
178	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
179	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
180	Apache HTTP Server 1.99	1.99				9	12	12	0
181	Apache HTTP Server 1.4	1.4.0				9	12	12	0
182	Apache HTTP Server 1.3	1.3.9				10	28	43	3
183	Apache HTTP Server 1.2	1.2.9				9	17	19	0
184	Apache HTTP Server 1.15	1.15.17				9	13	12	0
185	Apache HTTP Server 1.1	1.1.1				9	19	20	0
186	Apache HTTP Server 1.0	1.0.5				9	18	20	0
187	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
171	- 5.0	MEDIUM	The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allo…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2008-2364	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.64 2.2.9	2026-04-23 09:35 2008-06-14	Show	GitHub Exploit DB Packet Storm

172	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displayin…	CWE-79 Cross-site Scripting	CVE-2008-2168	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.2.3:* c…				2026-04-23 09:35 2008-05-14	Show	GitHub Exploit DB Packet Storm

173	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier …	CWE-79 Cross-site Scripting	CVE-2008-0455	cpe:2.3:a:apache:http_server::	2.2.0 2.4.1		2.2.23 2.4.3	2026-04-23 09:35 2008-01-25	Show	GitHub Exploit DB Packet Storm

174	- 2.6	LOW	CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x…	CWE-74 Injection	CVE-2008-0456	cpe:2.3:a:apache:http_server::	2.2.0		2.2.12	2026-04-23 09:35 2008-01-25	Show	GitHub Exploit DB Packet Storm

175	- 4.3	MEDIUM	Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.	CWE-352 Origin Validation Error	CVE-2007-6420	cpe:2.3:a:apache:http_server:2.2.8:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.5:*				2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm

176	- 7.8	HIGH	Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the…	CWE-399 Resource Management Errors	CVE-2007-6423	cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* cpe:2.3:a:apache:http_server:2.2.3:*				2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm

177	- 4.3	MEDIUM	mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) att…	CWE-79 Cross-site Scripting	CVE-2008-0005	cpe:2.3:a:apache:http_server::	2.0.35 2.2.0		2.0.63 2.2.8	2026-04-23 09:35 2008-01-12	Show	GitHub Exploit DB Packet Storm

178	- 3.5	LOW	Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the…	CWE-79 Cross-site Scripting	CVE-2007-6421	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* c…				2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm

179	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows r…	CWE-79 Cross-site Scripting	CVE-2007-6388	cpe:2.3:a:apache:http_server::	1.3.2 2.0.35 2.2.0	1.3.39 2.0.61 2.2.6		2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm

180	- 4.0	MEDIUM	The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial…	CWE-399 Resource Management Errors	CVE-2007-6422	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.6:* cpe:2.3:a:apache:http_server:2.2.4:* c…				2026-04-23 09:35 2008-01-9	Show	GitHub Exploit DB Packet Storm