Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
41 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
42 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
43 Apache HTTP Server 2.3 2.3.9 8 10 9 0
44 Apache HTTP Server 2.2 2.2.9 12 21 69 7
45 Apache HTTP Server 2.1 2.1.9 9 10 13 0
46 Apache HTTP Server 2.0 2.0.9 9 22 54 4
47 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
48 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
49 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
50 Apache HTTP Server 1.99 1.99 9 12 12 0
51 Apache HTTP Server 1.4 1.4.0 9 12 12 0
52 Apache HTTP Server 1.3 1.3.9 10 28 43 3
53 Apache HTTP Server 1.2 1.2.9 9 17 19 0
54 Apache HTTP Server 1.15 1.15.17 9 13 12 0
55 Apache HTTP Server 1.1 1.1.1 9 19 20 0
56 Apache HTTP Server 1.0 1.0.5 9 18 20 0
57 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
41 7.5
5.0 		HIGH
Network 		A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. CWE-665
 Improper Initialization 		CVE-2022-22719 cpe:2.3:a:apache:http_server:*:* 2.4.52 2024-11-21 15:47
2022-03-14 		Show GitHub Exploit DB Packet Storm
42 9.8
7.5 		CRITICAL
Network 		A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerab… - CVE-2021-44790 cpe:2.3:a:apache:http_server:*:* 2.4.51 2024-11-21 15:31
2021-12-20 		Show GitHub Exploit DB Packet Storm
43 8.2
6.4 		HIGH
Network 		A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can all… CWE-476
 NULL Pointer Dereference 		CVE-2021-44224 cpe:2.3:a:apache:http_server:*:* 2.4.7 2.4.52 2024-11-21 15:30
2021-12-20 		Show GitHub Exploit DB Packet Storm
44 9.8
7.5 		CRITICAL
Network 		It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Al… CWE-22
NVD-CWE-Other
Path Traversal 		CVE-2021-42013 cpe:2.3:a:apache:http_server:2.4.50:*
cpe:2.3:a:apache:http_server:2.4.49:* 		2024-11-21 15:27
2021-10-8 		Show GitHub Exploit DB Packet Storm
45 7.5
4.3 		HIGH
Network 		A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-li… CWE-22
Path Traversal 		CVE-2021-41773 cpe:2.3:a:apache:http_server:2.4.49:* 2024-11-21 15:26
2021-10-5 		Show GitHub Exploit DB Packet Storm
46 7.5
5.0 		HIGH
Network 		While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request.… CWE-476
 NULL Pointer Dereference 		CVE-2021-41524 cpe:2.3:a:apache:http_server:2.4.49:* 2024-11-21 15:26
2021-10-5 		Show GitHub Exploit DB Packet Storm
47 9.8
7.5 		CRITICAL
Network 		ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affe… CWE-787
 Out-of-bounds Write 		CVE-2021-39275 cpe:2.3:a:apache:http_server:*:* 2.4.48 2024-11-21 15:19
2021-09-17 		Show GitHub Exploit DB Packet Storm
48 9.0
6.8 		CRITICAL
Network 		A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2021-40438 cpe:2.3:a:apache:http_server:*:* 2.4.48 2024-11-21 15:24
2021-09-17 		Show GitHub Exploit DB Packet Storm
49 7.5
5.0 		HIGH
Network 		A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). CWE-125
Out-of-bounds Read 		CVE-2021-36160 cpe:2.3:a:apache:http_server:*:* 2.4.30 2.4.48 2024-11-21 15:13
2021-09-17 		Show GitHub Exploit DB Packet Storm
50 7.5
5.0 		HIGH
Network 		Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. CWE-476
 NULL Pointer Dereference 		CVE-2021-34798 cpe:2.3:a:apache:http_server:*:* 2.4.48 2024-11-21 15:11
2021-09-17 		Show GitHub Exploit DB Packet Storm