Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
201 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
202 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
203 Apache HTTP Server 2.3 2.3.9 8 10 9 0
204 Apache HTTP Server 2.2 2.2.9 12 21 69 7
205 Apache HTTP Server 2.1 2.1.9 9 10 13 0
206 Apache HTTP Server 2.0 2.0.9 9 22 54 4
207 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
208 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
209 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
210 Apache HTTP Server 1.99 1.99 9 12 12 0
211 Apache HTTP Server 1.4 1.4.0 9 12 12 0
212 Apache HTTP Server 1.3 1.3.9 10 28 43 3
213 Apache HTTP Server 1.2 1.2.9 9 17 19 0
214 Apache HTTP Server 1.15 1.15.17 9 13 12 0
215 Apache HTTP Server 1.1 1.1.1 9 19 20 0
216 Apache HTTP Server 1.0 1.0.5 9 18 20 0
217 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
201 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HT… CWE-79
Cross-site Scripting 		CVE-2005-3352 cpe:2.3:a:apache:http_server:2.2:*
cpe:2.3:a:apache:http_server:*:*
2.0

1.3.35
2.0.56 		2024-01-20 00:12
2005-12-14 		Show GitHub Exploit DB Packet Storm
202 -
5.0 		MEDIUM Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2005-2970 cpe:2.3:a:apache:http_server:*:* 2.0.36 2.0.55 2023-02-13 10:16
2005-10-26 		Show GitHub Exploit DB Packet Storm
203 -
10.0 		HIGH ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location con… NVD-CWE-noinfo
CVE-2005-2700 cpe:2.3:a:apache:http_server:*:* 2.0.35 2.0.55 2023-02-13 10:16
2005-09-7 		Show GitHub Exploit DB Packet Storm
204 -
5.0 		MEDIUM The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. NVD-CWE-Other
CVE-2005-2728 cpe:2.3:a:apache:http_server:2.0:*
cpe:2.3:a:apache:http_server:2.0.9:*
cpe:2.3:a:apache:http_server:2.0.53:*
 2023-11-7 10:57
2005-08-30 		Show GitHub Exploit DB Packet Storm
205 -
5.0 		MEDIUM Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process cr… CWE-193
 Off-by-one Error 		CVE-2005-1268 cpe:2.3:a:apache:http_server:*:* 2.0.35 2.0.54 2023-02-13 10:15
2005-08-5 		Show GitHub Exploit DB Packet Storm
206 -
4.3 		MEDIUM The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct X… CWE-444
HTTP Request Smuggling 		CVE-2005-2088 cpe:2.3:a:apache:http_server:*:* 2.0.35 2.0.55 2024-02-9 11:40
2005-07-5 		Show GitHub Exploit DB Packet Storm
207 -
7.5 		HIGH Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgi… NVD-CWE-Other
CVE-2005-1344 cpe:2.3:a:apache:http_server:2.0.52:* 2008-09-11 04:38
2005-05-2 		Show GitHub Exploit DB Packet Storm
208 -
5.0 		MEDIUM Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of … NVD-CWE-Other
CVE-2004-0942 cpe:2.3:a:apache:http_server:*:* 2.0.52 2023-11-7 10:56
2005-02-9 		Show GitHub Exploit DB Packet Storm
209 7.8
6.9 		HIGH
Local 		Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents… CWE-131
Incorrect Calculation of Buffer Size 		CVE-2004-0940 cpe:2.3:a:apache:http_server:*:* 1.3 1.3.32 2024-02-2 12:05
2005-02-9 		Show GitHub Exploit DB Packet Storm
210 -
2.1 		LOW The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. NVD-CWE-Other
CVE-2004-1387 cpe:2.3:a:apache:http_server:1.3.31:* 2018-10-4 06:29
2004-12-31 		Show GitHub Exploit DB Packet Storm