Software Detail

Software Informaton Top

Web Server

Software Detail

Apache HTTP Server

Number Of NVD

298

CRITICAL

HIGH

101

MEDIUM

159

LOW

URL	https://httpd.apache.org/
Explanation	It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache. The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server". It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag	オープンソース Apache License v2.0

Add Information URL

No	Type	Name	URL
1			https://httpd.apache.org/download.cgi

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Security Support Service Pack Support	Critical	High	Medium	Low
21	New!! Apache HTTP Server 2.4	2.4.68	June 8, 2026	Feb. 21, 2012		22	39	36	1
22	Apache HTTP Server 2.0	2.0.65	July 10, 2013	April 6, 2002	July 10, 2013	9	29	73	5
23	Apache HTTP Server 2.3	2.3.9				8	10	9	0
24	Apache HTTP Server 2.2	2.2.9				12	21	69	7
25	Apache HTTP Server 2.1	2.1.9				9	10	13	0
26	Apache HTTP Server 2.0	2.0.9				9	22	54	4
27	Apache HTTP Server 12.2	12.2.1.3.0				0	0	0	0
28	Apache HTTP Server 12.1	12.1.3.0.0				0	0	0	0
29	Apache HTTP Server 11.1	11.1.1.9.0				0	0	0	0
30	Apache HTTP Server 1.99	1.99				9	12	12	0
31	Apache HTTP Server 1.4	1.4.0				9	12	12	0
32	Apache HTTP Server 1.3	1.3.9				10	28	43	3
33	Apache HTTP Server 1.2	1.2.9				9	17	19	0
34	Apache HTTP Server 1.15	1.15.17				9	13	12	0
35	Apache HTTP Server 1.1	1.1.1				9	19	20	0
36	Apache HTTP Server 1.0	1.0.5				9	18	20	0
37	Apache HTTP Server 0.8	0.8.14				9	17	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
21	7.5 -	HIGH Network	HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory …	-	CVE-2024-27316	cpe:2.3:a:apache:http_server::	2.4.17		2.4.59	2024-11-21 18:04 2024-04-5	Show	GitHub Exploit DB Packet Storm

22	5.9 -	MEDIUM Network	When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection c…	CWE-404 Improper Resource Shutdown or Release	CVE-2023-45802	cpe:2.3:a:apache:http_server::	2.4.17		2.4.58	2024-11-21 17:27 2023-10-23	Show	GitHub Exploit DB Packet Storm

23	7.5 -	HIGH Network	An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resou…	-	CVE-2023-43622	cpe:2.3:a:apache:http_server::	2.4.55		2.4.58	2024-11-21 17:24 2023-10-23	Show	GitHub Exploit DB Packet Storm

24	7.5 -	HIGH Network	Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.	-	CVE-2023-31122	cpe:2.3:a:apache:http_server::		2.4.57		2024-11-21 17:01 2023-10-23	Show	GitHub Exploit DB Packet Storm

25	9.8 -	CRITICAL Network	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form…	-	CVE-2023-25690	cpe:2.3:a:apache:http_server::	2.4.0	2.4.55		2024-11-21 16:49 2023-03-8	Show	GitHub Exploit DB Packet Storm

26	7.5 -	HIGH Network	HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header c…	-	CVE-2023-27522	cpe:2.3:a:apache:http_server::	2.4.30	2.4.55		2024-11-21 16:53 2023-03-8	Show	GitHub Exploit DB Packet Storm

27	5.3 -	MEDIUM Network	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers…	-	CVE-2022-37436	cpe:2.3:a:apache:http_server::			2.4.55	2024-11-21 16:14 2023-01-18	Show	GitHub Exploit DB Packet Storm

28	9.0 -	CRITICAL Network	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque…	-	CVE-2022-36760	cpe:2.3:a:apache:http_server::	2.4.0		2.4.55	2024-11-21 16:13 2023-01-18	Show	GitHub Exploit DB Packet Storm

29	7.5 -	HIGH Network	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. …	-	CVE-2006-20001	cpe:2.3:a:apache:http_server::			2.4.55	2024-11-21 09:10 2023-01-18	Show	GitHub Exploit DB Packet Storm

30	9.8 7.5	CRITICAL Network	Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based auth…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2022-31813	cpe:2.3:a:apache:http_server::		2.4.53		2024-11-21 16:05 2022-06-10	Show	GitHub Exploit DB Packet Storm