Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
61 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
62 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
63 Apache HTTP Server 2.3 2.3.9 8 10 9 0
64 Apache HTTP Server 2.2 2.2.9 12 21 69 7
65 Apache HTTP Server 2.1 2.1.9 9 10 13 0
66 Apache HTTP Server 2.0 2.0.9 9 22 54 4
67 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
68 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
69 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
70 Apache HTTP Server 1.99 1.99 9 12 12 0
71 Apache HTTP Server 1.4 1.4.0 9 12 12 0
72 Apache HTTP Server 1.3 1.3.9 10 28 43 3
73 Apache HTTP Server 1.2 1.2.9 9 17 19 0
74 Apache HTTP Server 1.15 1.15.17 9 13 12 0
75 Apache HTTP Server 1.1 1.1.1 9 19 20 0
76 Apache HTTP Server 1.0 1.0.5 9 18 20 0
77 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
61 7.5
4.3 		HIGH
Network 		Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing con… CWE-444
HTTP Request Smuggling 		CVE-2020-11993 cpe:2.3:a:apache:http_server:*:* 2.4.20 2.4.43 2024-11-21 13:59
2020-08-8 		Show GitHub Exploit DB Packet Storm
62 5.3
4.3 		MEDIUM
Network 		IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for lo… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2020-11985 cpe:2.3:a:apache:http_server:*:* 2.4.1 2.4.23 2024-11-21 13:59
2020-08-8 		Show GitHub Exploit DB Packet Storm
63 9.8
7.5 		CRITICAL
Network 		Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE CWE-120
Classic Buffer Overflow 		CVE-2020-11984 cpe:2.3:a:apache:http_server:*:* 2.4.32 2.4.43 2024-11-21 13:59
2020-08-8 		Show GitHub Exploit DB Packet Storm
64 6.1
5.8 		MEDIUM
Network 		In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL… CWE-601
Open Redirect 		CVE-2020-1927 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.41 2024-11-21 14:11
2020-04-2 		Show GitHub Exploit DB Packet Storm
65 5.3
5.0 		MEDIUM
Network 		In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. CWE-908
 Use of Uninitialized Resource 		CVE-2020-1934 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.41 2024-11-21 14:11
2020-04-2 		Show GitHub Exploit DB Packet Storm
66 9.1
6.4 		CRITICAL
Network 		In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. CWE-416
 Use After Free 		CVE-2019-10082 cpe:2.3:a:apache:http_server:*:* 2.4.18 2.4.39 2024-11-21 13:18
2019-09-27 		Show GitHub Exploit DB Packet Storm
67 7.2
6.0 		HIGH
Network 		In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buf… CWE-787
CWE-476
 Out-of-bounds Write
 NULL Pointer Dereference 		CVE-2019-10097 cpe:2.3:a:apache:http_server:2.4.38:*
cpe:2.3:a:apache:http_server:2.4.37:*
cpe:2.3:a:apache:http_server:2.4.35:*… 		2024-11-21 13:18
2019-09-27 		Show GitHub Exploit DB Packet Storm
68 6.1
4.3 		MEDIUM
Network 		In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instea… CWE-79
Cross-site Scripting 		CVE-2019-10092 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.39 2024-11-21 13:18
2019-09-27 		Show GitHub Exploit DB Packet Storm
69 6.1
5.8 		MEDIUM
Network 		In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL wi… CWE-601
Open Redirect 		CVE-2019-10098 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.39 2024-11-21 13:18
2019-09-26 		Show GitHub Exploit DB Packet Storm
70 7.5
5.0 		HIGH
Network 		HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copi… CWE-787
 Out-of-bounds Write 		CVE-2019-10081 cpe:2.3:a:apache:http_server:*:* 2.4.20 2.4.39 2024-11-21 13:18
2019-08-16 		Show GitHub Exploit DB Packet Storm