Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
31 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
32 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
33 Apache HTTP Server 2.3 2.3.9 8 10 9 0
34 Apache HTTP Server 2.2 2.2.9 12 21 69 7
35 Apache HTTP Server 2.1 2.1.9 9 10 13 0
36 Apache HTTP Server 2.0 2.0.9 9 22 54 4
37 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
38 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
39 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
40 Apache HTTP Server 1.99 1.99 9 12 12 0
41 Apache HTTP Server 1.4 1.4.0 9 12 12 0
42 Apache HTTP Server 1.3 1.3.9 10 28 43 3
43 Apache HTTP Server 1.2 1.2.9 9 17 19 0
44 Apache HTTP Server 1.15 1.15.17 9 13 12 0
45 Apache HTTP Server 1.1 1.1.1 9 19 20 0
46 Apache HTTP Server 1.0 1.0.5 9 18 20 0
47 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
31 7.5
5.0 		HIGH
Network 		Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. NVD-CWE-Other
CVE-2022-30556 cpe:2.3:a:apache:http_server:*:* 2.4.53 2024-11-21 16:02
2022-06-10 		Show GitHub Exploit DB Packet Storm
32 7.5
5.0 		HIGH
Network 		If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigg… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2022-30522 cpe:2.3:a:apache:http_server:2.4.53:* 2024-11-21 16:02
2022-06-10 		Show GitHub Exploit DB Packet Storm
33 7.5
5.0 		HIGH
Network 		In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2022-29404 cpe:2.3:a:apache:http_server:*:* 2.4.53 2024-11-21 15:59
2022-06-10 		Show GitHub Exploit DB Packet Storm
34 9.1
6.4 		CRITICAL
Network 		Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed … CWE-190
 Integer Overflow or Wraparound 		CVE-2022-28615 cpe:2.3:a:apache:http_server:*:* 2.4.53 2024-11-21 15:57
2022-06-10 		Show GitHub Exploit DB Packet Storm
35 5.3
5.0 		MEDIUM
Network 		The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as w… CWE-190
 Integer Overflow or Wraparound 		CVE-2022-28614 cpe:2.3:a:apache:http_server:*:* 2.4.53 2024-11-21 15:57
2022-06-10 		Show GitHub Exploit DB Packet Storm
36 5.3
5.0 		MEDIUM
Network 		Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. CWE-125
Out-of-bounds Read 		CVE-2022-28330 cpe:2.3:a:apache:http_server:*:* 2.4.53 2024-11-21 15:57
2022-06-10 		Show GitHub Exploit DB Packet Storm
37 7.5
5.0 		HIGH
Network 		Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards reque… CWE-444
HTTP Request Smuggling 		CVE-2022-26377 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.53 2024-11-21 15:53
2022-06-10 		Show GitHub Exploit DB Packet Storm
38 9.8
7.5 		CRITICAL
Network 		Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version … CWE-787
 Out-of-bounds Write 		CVE-2022-23943 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.52 2024-11-21 15:49
2022-03-14 		Show GitHub Exploit DB Packet Storm
39 9.1
5.8 		CRITICAL
Network 		If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apac… CWE-190
 Integer Overflow or Wraparound 		CVE-2022-22721 cpe:2.3:a:apache:http_server:*:* 2.4.52 2024-11-21 15:47
2022-03-14 		Show GitHub Exploit DB Packet Storm
40 9.8
7.5 		CRITICAL
Network 		Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling CWE-444
HTTP Request Smuggling 		CVE-2022-22720 cpe:2.3:a:apache:http_server:*:* 2.4.52 2024-11-21 15:47
2022-03-14 		Show GitHub Exploit DB Packet Storm