Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
51 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
52 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
53 Apache HTTP Server 2.3 2.3.9 8 10 9 0
54 Apache HTTP Server 2.2 2.2.9 12 21 69 7
55 Apache HTTP Server 2.1 2.1.9 9 10 13 0
56 Apache HTTP Server 2.0 2.0.9 9 22 54 4
57 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
58 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
59 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
60 Apache HTTP Server 1.99 1.99 9 12 12 0
61 Apache HTTP Server 1.4 1.4.0 9 12 12 0
62 Apache HTTP Server 1.3 1.3.9 10 28 43 3
63 Apache HTTP Server 1.2 1.2.9 9 17 19 0
64 Apache HTTP Server 1.15 1.15.17 9 13 12 0
65 Apache HTTP Server 1.1 1.1.1 9 19 20 0
66 Apache HTTP Server 1.0 1.0.5 9 18 20 0
67 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
51 7.5
5.0 		HIGH
Network 		A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.… NVD-CWE-Other
CVE-2021-33193 cpe:2.3:a:apache:http_server:*:* 2.4.17 2.4.48 2024-11-21 15:08
2021-08-16 		Show GitHub Exploit DB Packet Storm
52 7.5
5.0 		HIGH
Network 		Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On viol… CWE-476
 NULL Pointer Dereference 		CVE-2021-31618 cpe:2.3:a:apache:http_server:2.4.47:*
cpe:2.3:a:apache:http_server:1.15.17:* 		2024-11-21 15:06
2021-06-15 		Show GitHub Exploit DB Packet Storm
53 5.3
5.0 		MEDIUM
Network 		Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF' NVD-CWE-Other
CVE-2021-30641 cpe:2.3:a:apache:http_server:*:* 2.4.39 2.4.46 2024-11-21 15:04
2021-06-10 		Show GitHub Exploit DB Packet Storm
54 9.8
7.5 		CRITICAL
Network 		In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CWE-787
 Out-of-bounds Write 		CVE-2021-26691 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.46 2024-11-21 14:56
2021-06-10 		Show GitHub Exploit DB Packet Storm
55 7.5
5.0 		HIGH
Network 		Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service CWE-476
 NULL Pointer Dereference 		CVE-2021-26690 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.46 2024-11-21 14:56
2021-06-10 		Show GitHub Exploit DB Packet Storm
56 7.5
5.0 		HIGH
Network 		Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, le… CWE-476
 NULL Pointer Dereference 		CVE-2020-13950 cpe:2.3:a:apache:http_server:*:* 2.4.41 2.4.46 2024-11-21 14:02
2021-06-10 		Show GitHub Exploit DB Packet Storm
57 5.5
2.1 		MEDIUM
Local 		Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows CWE-862
 Missing Authorization 		CVE-2020-13938 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.46 2024-11-21 14:02
2021-06-10 		Show GitHub Exploit DB Packet Storm
58 5.3
5.0 		MEDIUM
Network 		Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing … CWE-444
HTTP Request Smuggling 		CVE-2019-17567 cpe:2.3:a:apache:http_server:*:* 2.4.6 2.4.46 2024-11-21 13:32
2021-06-10 		Show GitHub Exploit DB Packet Storm
59 7.3
6.8 		HIGH
Network 		Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP … CWE-787
 Out-of-bounds Write 		CVE-2020-35452 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.46 2024-11-21 14:27
2021-06-10 		Show GitHub Exploit DB Packet Storm
60 7.5
5.0 		HIGH
Network 		Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resou… CWE-444
HTTP Request Smuggling 		CVE-2020-9490 cpe:2.3:a:apache:http_server:*:* 2.4.20 2.4.46 2024-11-21 14:40
2020-08-8 		Show GitHub Exploit DB Packet Storm