Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
251	Apache HTTP Server 2.4	2.4.67	May 4, 2026	Feb. 21, 2012		22	39	36	1
252	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
253	Apache HTTP Server 2.3	2.3.9				8	10	9	0
254	Apache HTTP Server 2.2	2.2.9				12	21	69	7
255	Apache HTTP Server 2.1	2.1.9				9	10	13	0
256	Apache HTTP Server 2.0	2.0.9				9	22	54	4
257	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
258	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
259	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
260	Apache HTTP Server 1.99	1.99				9	12	12	0
261	Apache HTTP Server 1.4	1.4.0				9	12	12	0
262	Apache HTTP Server 1.3	1.3.9				10	28	43	3
263	Apache HTTP Server 1.2	1.2.9				9	17	19	0
264	Apache HTTP Server 1.15	1.15.17				9	13	12	0
265	Apache HTTP Server 1.1	1.1.1				9	19	20	0
266	Apache HTTP Server 1.0	1.0.5				9	18	20	0
267	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
251	7.5 5.0	HIGH Network	mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data …	CWE-667 Improper Locking	CVE-2002-1850	cpe:2.3:a:apache:http_server:2.0.40:* cpe:2.3:a:apache:http_server:2.0.39:*				2024-02-9 09:29 2002-12-31	Show	GitHub Exploit DB Packet Storm

252	- 2.6	LOW	A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or mo…	NVD-CWE-Other	CVE-2002-1233	cpe:2.3:a:apache:http_server:1.3.27:* cpe:2.3:a:apache:http_server:1.3.26:* cpe:2.3:a:apache:http_server:1.3.26:*…				2016-10-18 11:25 2002-11-4	Show	GitHub Exploit DB Packet Storm

253	- 7.2	HIGH	The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of serv…	NVD-CWE-noinfo	CVE-2002-0839	cpe:2.3:a:apache:http_server::	1.3.0		1.3.27	2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

254	- 6.8	MEDIUM	Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows …	NVD-CWE-Other	CVE-2002-0840	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.42:* cpe:2.3:a:apache:http_server:2.0.41:*				2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

255	- 7.5	HIGH	Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly exec…	NVD-CWE-Other	CVE-2002-0843	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* c…				2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

256	- 5.0	MEDIUM	Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.	NVD-CWE-Other	CVE-2002-1156	cpe:2.3:a:apache:http_server:2.0.42:*				2023-11-7 10:55 2002-10-11	Show	GitHub Exploit DB Packet Storm

257	- 5.0	MEDIUM	mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumpti…	NVD-CWE-Other	CVE-2002-1593	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.41:* cpe:2.3:a:apache:http_server:2.0.40:*				2023-11-7 10:56 2002-09-25	Show	GitHub Exploit DB Packet Storm

258	- 5.0	MEDIUM	Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resultin…	NVD-CWE-Other	CVE-2002-0654	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.39:* cpe:2.3:a:apache:http_server:2.0.38:*				2023-11-7 10:55 2002-09-5	Show	GitHub Exploit DB Packet Storm

259	- 7.5	HIGH	Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing …	NVD-CWE-Other	CVE-2002-0661	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.39:* cpe:2.3:a:apache:http_server:2.0.38:*				2023-11-7 10:55 2002-08-12	Show	GitHub Exploit DB Packet Storm

260	- 7.5	HIGH	Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache …	NVD-CWE-noinfo	CVE-2002-0392	cpe:2.3:a:apache:http_server::	2.0.0 1.2.2	2.0.36 1.3.24		2023-11-7 10:55 2002-07-3	Show	GitHub Exploit DB Packet Storm