Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
221	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
222	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
223	Apache HTTP Server 2.3	2.3.9				8	10	9	0
224	Apache HTTP Server 2.2	2.2.9				12	21	69	7
225	Apache HTTP Server 2.1	2.1.9				9	10	13	0
226	Apache HTTP Server 2.0	2.0.9				9	22	54	4
227	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
228	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
229	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
230	Apache HTTP Server 1.99	1.99				9	12	12	0
231	Apache HTTP Server 1.4	1.4.0				9	12	12	0
232	Apache HTTP Server 1.3	1.3.9				10	28	43	3
233	Apache HTTP Server 1.2	1.2.9				9	17	19	0
234	Apache HTTP Server 1.15	1.15.17				9	13	12	0
235	Apache HTTP Server 1.1	1.1.1				9	19	20	0
236	Apache HTTP Server 1.0	1.0.5				9	18	20	0
237	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
221	- 6.4	MEDIUM	The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based…	NVD-CWE-Other	CVE-2004-0493	cpe:2.3:a:apache:http_server:2.0.49:* cpe:2.3:a:apache:http_server:2.0.48:* cpe:2.3:a:apache:http_server:2.0.47:*				2023-11-7 10:56 2004-08-6	Show	GitHub Exploit DB Packet Storm

222	- 7.5	HIGH	Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitr…	CWE-787 Out-of-bounds Write	CVE-2004-0488	cpe:2.3:a:apache:http_server::	2.0.35		2.0.50	2023-11-7 10:56 2004-07-7	Show	GitHub Exploit DB Packet Storm

223	7.5 5.0	HIGH Network	Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "…	CWE-667 Improper Locking	CVE-2004-0174	cpe:2.3:a:apache:http_server::		2.0.49		2024-02-16 05:37 2004-05-4	Show	GitHub Exploit DB Packet Storm

224	- 5.0	MEDIUM	Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (do…	NVD-CWE-Other	CVE-2004-0173	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.2:* cpe:2.3:a:apache:http_server:1.2.5:* cpe…				2017-10-10 10:30 2004-04-15	Show	GitHub Exploit DB Packet Storm

225	- 7.5	HIGH	mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to …	NVD-CWE-Other	CVE-2003-0993	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.7:* c…				2023-11-7 10:56 2004-03-29	Show	GitHub Exploit DB Packet Storm

226	- 5.0	MEDIUM	Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enable…	NVD-CWE-Other	CVE-2004-0113	cpe:2.3:a:apache:http_server:2.0.48:* cpe:2.3:a:apache:http_server:2.0.47:* cpe:2.3:a:apache:http_server:2.0.46:*…				2023-11-7 10:56 2004-03-29	Show	GitHub Exploit DB Packet Storm

227	- 2.1	LOW	mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.	NVD-CWE-Other	CVE-2004-1834	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.9:* cpe:2.3:a:apache:http_server:2.0.49:* …				2023-11-7 10:56 2004-03-20	Show	GitHub Exploit DB Packet Storm

228	- 7.5	HIGH	mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.	NVD-CWE-Other	CVE-2003-0987	cpe:2.3:a:apache:http_server::		1.3.30		2023-11-7 10:56 2004-03-3	Show	GitHub Exploit DB Packet Storm

229	- 7.5	HIGH	mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.	NVD-CWE-Other	CVE-2004-1082	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.7:* c…				2018-10-31 01:25 2004-02-3	Show	GitHub Exploit DB Packet Storm

230	- 4.3	MEDIUM	Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, wh…	CWE-200 Information Exposure	CVE-2003-1418	cpe:2.3:a:apache:http_server:1.3.27:* cpe:2.3:a:apache:http_server:1.3.26:* cpe:2.3:a:apache:http_server:1.3.25:*…				2017-10-20 10:29 2003-12-31	Show	GitHub Exploit DB Packet Storm