Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
261	Apache HTTP Server 2.4	2.4.67	May 4, 2026	Feb. 21, 2012		22	39	36	1
262	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
263	Apache HTTP Server 2.3	2.3.9				8	10	9	0
264	Apache HTTP Server 2.2	2.2.9				12	21	69	7
265	Apache HTTP Server 2.1	2.1.9				9	10	13	0
266	Apache HTTP Server 2.0	2.0.9				9	22	54	4
267	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
268	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
269	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
270	Apache HTTP Server 1.99	1.99				9	12	12	0
271	Apache HTTP Server 1.4	1.4.0				9	12	12	0
272	Apache HTTP Server 1.3	1.3.9				10	28	43	3
273	Apache HTTP Server 1.2	1.2.9				9	17	19	0
274	Apache HTTP Server 1.15	1.15.17				9	13	12	0
275	Apache HTTP Server 1.1	1.1.1				9	19	20	0
276	Apache HTTP Server 1.0	1.0.5				9	18	20	0
277	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
261	- 5.0	MEDIUM	PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reve…	NVD-CWE-Other	CVE-2002-0240	cpe:2.3:a:apache:http_server:2.0.28:beta				2016-10-18 11:17 2002-05-29	Show	GitHub Exploit DB Packet Storm

262	- 5.0	MEDIUM	PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /12…	NVD-CWE-Other	CVE-2002-0249	cpe:2.3:a:apache:http_server:2.0.28:beta				2016-10-18 11:17 2002-05-29	Show	GitHub Exploit DB Packet Storm

263	- 7.5	HIGH	Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4…	NVD-CWE-Other	CVE-2002-0257	cpe:2.3:a:apache:http_server:1.3.22:* cpe:2.3:a:apache:http_server:1.3.20:* cpe:2.3:a:apache:http_server:1.3.19:*…				2016-10-18 11:17 2002-05-29	Show	GitHub Exploit DB Packet Storm

264	- 5.0	MEDIUM	The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote a…	NVD-CWE-Other	CVE-2002-1592	cpe:2.3:a:apache:http_server:2.0:* cpe:2.3:a:apache:http_server:2.0.35:* cpe:2.3:a:apache:http_server:2.0.32:*				2023-11-7 10:56 2002-05-6	Show	GitHub Exploit DB Packet Storm

265	- 7.5	HIGH	Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a \| pipe character) provided as arguments to batch (.bat)…	CWE-78 OS Command	CVE-2002-0061	cpe:2.3:a:apache:http_server::	2.0.0		1.3.24 2.0.34	2024-01-27 05:01 2002-03-21	Show	GitHub Exploit DB Packet Storm

266	- 5.0	MEDIUM	The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2001-1556	cpe:2.3:a:apache:http_server::	1.3.0 2.0.0		1.3.31 2.0.49	2020-10-15 01:51 2001-12-31	Show	GitHub Exploit DB Packet Storm

267	- 2.1	LOW	mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain ses…	CWE-384 Session Fixation	CVE-2001-1534	cpe:2.3:a:apache:http_server::	1.3.11	1.3.20		2021-07-16 05:37 2001-12-31	Show	GitHub Exploit DB Packet Storm

268	- 7.5	HIGH	The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.	NVD-CWE-Other	CVE-2001-1449	cpe:2.3:a:apache:http_server:1.3:* cpe:2.3:a:apache:http_server:1.3.9:* cpe:2.3:a:apache:http_server:1.3.6:* c…				2017-07-11 10:29 2001-11-28	Show	GitHub Exploit DB Packet Storm

269	- 5.0	MEDIUM	Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.	NVD-CWE-Other	CVE-2001-0729	cpe:2.3:a:apache:http_server:1.3.20:*				2023-11-7 10:55 2001-10-30	Show	GitHub Exploit DB Packet Storm

270	- 5.0	MEDIUM	split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.	NVD-CWE-Other	CVE-2001-0730	cpe:2.3:a:apache:http_server:1.3.20:*				2023-11-7 10:55 2001-10-30	Show	GitHub Exploit DB Packet Storm