Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
191	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
192	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
193	Apache HTTP Server 2.3	2.3.9				8	10	9	0
194	Apache HTTP Server 2.2	2.2.9				12	21	69	7
195	Apache HTTP Server 2.1	2.1.9				9	10	13	0
196	Apache HTTP Server 2.0	2.0.9				9	22	54	4
197	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
198	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
199	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
200	Apache HTTP Server 1.99	1.99				9	12	12	0
201	Apache HTTP Server 1.4	1.4.0				9	12	12	0
202	Apache HTTP Server 1.3	1.3.9				10	28	43	3
203	Apache HTTP Server 1.2	1.2.9				9	17	19	0
204	Apache HTTP Server 1.15	1.15.17				9	13	12	0
205	Apache HTTP Server 1.1	1.1.1				9	19	20	0
206	Apache HTTP Server 1.0	1.0.5				9	18	20	0
207	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	less than	Update date Published date	Show Affected	Exploit PoC Search
191	- 3.7	LOW	suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized ope…	NVD-CWE-Other	CVE-2007-1742	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

192	- 4.4	MEDIUM	suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary …	NVD-CWE-Other	CVE-2007-1743	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

193	- 6.2	MEDIUM	Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renam…	CWE-362 Race Condition	CVE-2007-1741	cpe:2.3:a:apache:http_server:2.2.3:*			2026-04-23 09:35 2007-04-14	Show	GitHub Exploit DB Packet Storm

194	- 5.0	MEDIUM	Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers …	CWE-22 Path Traversal	CVE-2007-0450	cpe:2.3:a:apache:http_server:-:*			2026-04-23 09:35 2007-03-17	Show	GitHub Exploit DB Packet Storm

195	- 7.8	HIGH	The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that s…	CWE-400 Uncontrolled Resource Consumption	CVE-2007-0086	cpe:2.3:a:apache:http_server:-:*			2026-04-23 09:35 2007-01-6	Show	GitHub Exploit DB Packet Storm

196	- 6.8	MEDIUM	Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_v…	NVD-CWE-Other	CVE-2006-4154	cpe:2.3:a:apache:http_server:2.2:* cpe:2.3:a:apache:http_server:2.2.3:* cpe:2.3:a:apache:http_server:2.2.2:* c…			2026-04-23 09:35 2006-10-17	Show	GitHub Exploit DB Packet Storm

197	- 4.3	MEDIUM	Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive …	NVD-CWE-Other	CVE-2006-4110	cpe:2.3:a:apache:http_server:2.2.3:* cpe:2.3:a:apache:http_server:2.2.2:* cpe:2.3:a:apache:http_server:2.0.58:*			2018-10-18 06:33 2006-08-15	Show	GitHub Exploit DB Packet Storm

198	- 7.6	HIGH	Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows rem…	CWE-189 Numeric Errors	CVE-2006-3747	cpe:2.3:a:apache:http_server::	2.2.0 1.3.28 2.0.46	2.2.3 1.3.37 2.0.59	2023-02-13 11:16 2006-07-29	Show	GitHub Exploit DB Packet Storm

199	- 4.3	MEDIUM	http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect …	CWE-79 Cross-site Scripting	CVE-2006-3918	cpe:2.3:a:apache:http_server::	1.3.3	1.3.35	2023-11-7 10:59 2006-07-28	Show	GitHub Exploit DB Packet Storm

200	- 5.4	MEDIUM	mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) v…	CWE-399 Resource Management Errors	CVE-2005-3357	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.55:* …			2023-02-13 11:15 2005-12-31	Show	GitHub Exploit DB Packet Storm