Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
11	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
12	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
13	Apache HTTP Server 2.3	2.3.9				8	10	9	0
14	Apache HTTP Server 2.2	2.2.9				12	21	69	7
15	Apache HTTP Server 2.1	2.1.9				9	10	13	0
16	Apache HTTP Server 2.0	2.0.9				9	22	54	4
17	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
18	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
19	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
20	Apache HTTP Server 1.99	1.99				9	12	12	0
21	Apache HTTP Server 1.4	1.4.0				9	12	12	0
22	Apache HTTP Server 1.3	1.3.9				10	28	43	3
23	Apache HTTP Server 1.2	1.2.9				9	17	19	0
24	Apache HTTP Server 1.15	1.15.17				9	13	12	0
25	Apache HTTP Server 1.1	1.1.1				9	19	20	0
26	Apache HTTP Server 1.0	1.0.5				9	18	20	0
27	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
11	7.5 -	HIGH Network	A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.	CWE-122 Heap-based Buffer Overflow	CVE-2026-34355	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-10 01:20 2026-06-9	Show	GitHub Exploit DB Packet Storm

12	6.1 -	MEDIUM Network	A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…	CWE-79 Cross-site Scripting	CVE-2026-29170	cpe:2.3:a:apache:http_server::			2.4.68	2026-06-10 01:21 2026-06-9	Show	GitHub Exploit DB Packet Storm

13	9.8 -	CRITICAL Network	Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to…	CWE-416 Use After Free	CVE-2026-29167	cpe:2.3:a:apache:http_server::	2.4.0		2.4.68	2026-06-10 01:29 2026-06-9	Show	GitHub Exploit DB Packet Storm

14	7.3 -	HIGH Network	Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users a…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-29168	cpe:2.3:a:apache:http_server::	2.4.30		2.4.67	2026-05-7 03:39 2026-05-5	Show	GitHub Exploit DB Packet Storm

15	7.5 -	HIGH Network	A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…	CWE-476 NULL Pointer Dereference	CVE-2026-29169	cpe:2.3:a:apache:http_server::			2.4.67	2026-05-5 11:36 2026-05-5	Show	GitHub Exploit DB Packet Storm

16	7.5 -	HIGH Network	SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to…	-	CVE-2024-40898	cpe:2.3:a:apache:http_server::			2.4.62	2024-11-21 18:31 2024-07-18	Show	GitHub Exploit DB Packet Storm

17	5.3 -	MEDIUM Network	A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some…	NVD-CWE-noinfo	CVE-2024-40725	cpe:2.3:a:apache:http_server:2.4.61:* cpe:2.3:a:apache:http_server:2.4.60:*				2024-11-21 18:31 2024-07-18	Show	GitHub Exploit DB Packet Storm

18	7.5 -	HIGH Network	null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, whic…	-	CVE-2024-38477	cpe:2.3:a:apache:http_server::	2.4.0		2.4.60	2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm

19	9.8 -	CRITICAL Network	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o…	NVD-CWE-noinfo	CVE-2024-38476	cpe:2.3:a:apache:http_server::	2.4.0	2.4.60		2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm

20	9.8 -	CRITICAL Network	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any …	-	CVE-2024-38474	cpe:2.3:a:apache:http_server::	2.4.0		2.4.60	2024-11-21 18:26 2024-07-2	Show	GitHub Exploit DB Packet Storm