Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Apache HTTP Server Number Of NVD 298 CRITICAL 25 HIGH 101 MEDIUM 159 LOW 13
URL https://httpd.apache.org/
Explanation It is the most widely used web server software in the world, and is used for everything from large commercial sites to home servers. It is also referred to simply as Apache.

The above text is excerpted from "https://ja.wikipedia.org/wiki/Apache_HTTP_Server".

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Tag
  • オープンソース
  • Apache License v2.0
Add Information URL
No Type Name URL
1 https://httpd.apache.org/download.cgi
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
71 New!! Apache HTTP Server 2.4 2.4.68 June 8, 2026 Feb. 21, 2012 22 39 36 1
72 Apache HTTP Server 2.0 2.0.65 July 10, 2013 April 6, 2002 July 10, 2013 9 29 73 5
73 Apache HTTP Server 2.3 2.3.9 8 10 9 0
74 Apache HTTP Server 2.2 2.2.9 12 21 69 7
75 Apache HTTP Server 2.1 2.1.9 9 10 13 0
76 Apache HTTP Server 2.0 2.0.9 9 22 54 4
77 Apache HTTP Server 12.2 12.2.1.3.0 0 0 0 0
78 Apache HTTP Server 12.1 12.1.3.0.0 0 0 0 0
79 Apache HTTP Server 11.1 11.1.1.9.0 0 0 0 0
80 Apache HTTP Server 1.99 1.99 9 12 12 0
81 Apache HTTP Server 1.4 1.4.0 9 12 12 0
82 Apache HTTP Server 1.3 1.3.9 10 28 43 3
83 Apache HTTP Server 1.2 1.2.9 9 17 19 0
84 Apache HTTP Server 1.15 1.15.17 9 13 12 0
85 Apache HTTP Server 1.1 1.1.1 9 19 20 0
86 Apache HTTP Server 1.0 1.0.5 9 18 20 0
87 Apache HTTP Server 0.8 0.8.14 9 17 19 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
71 7.5
7.8 		HIGH
Network 		Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without const… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2019-9517 cpe:2.3:a:apache:http_server:*:* 2.4.20 2.4.40 2024-11-21 13:51
2019-08-14 		Show GitHub Exploit DB Packet Storm
72 4.2
4.9 		MEDIUM
Network 		A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2… CWE-444
HTTP Request Smuggling 		CVE-2019-0197 cpe:2.3:a:apache:http_server:*:* 2.4.34 2.4.38 2024-11-21 13:16
2019-06-12 		Show GitHub Exploit DB Packet Storm
73 5.3
5.0 		MEDIUM
Network 		A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining th… CWE-416
 Use After Free 		CVE-2019-0196 cpe:2.3:a:apache:http_server:*:* 2.4.17 2.4.38 2024-11-21 13:16
2019-06-12 		Show GitHub Exploit DB Packet Storm
74 5.3
5.0 		MEDIUM
Network 		A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule… CWE-706
 Use of Incorrectly-Resolved Name or Reference 		CVE-2019-0220 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.38 2024-11-21 13:16
2019-06-12 		Show GitHub Exploit DB Packet Storm
75 7.8
7.2 		HIGH
Local 		In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scrip… CWE-416
 Use After Free 		CVE-2019-0211 cpe:2.3:a:apache:http_server:*:* 2.4.17 2.4.38 2024-11-21 13:16
2019-04-9 		Show GitHub Exploit DB Packet Storm
76 7.5
6.0 		HIGH
Network 		In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another usern… CWE-362
Race Condition 		CVE-2019-0217 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.38 2024-11-21 13:16
2019-04-9 		Show GitHub Exploit DB Packet Storm
77 7.5
6.0 		HIGH
Network 		In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restri… NVD-CWE-noinfo
CVE-2019-0215 cpe:2.3:a:apache:http_server:2.4.38:*
cpe:2.3:a:apache:http_server:2.4.37:* 		2024-11-21 13:16
2019-04-9 		Show GitHub Exploit DB Packet Storm
78 7.5
5.0 		HIGH
Network 		In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessio… CWE-384
 Session Fixation 		CVE-2018-17199 cpe:2.3:a:apache:http_server:*:* 2.4.0 2.4.37 2024-11-21 12:54
2019-01-31 		Show GitHub Exploit DB Packet Storm
79 7.5
5.0 		HIGH
Network 		A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This b… NVD-CWE-noinfo
CVE-2019-0190 cpe:2.3:a:apache:http_server:2.4.37:* 2024-11-21 13:16
2019-01-31 		Show GitHub Exploit DB Packet Storm
80 5.3
5.0 		MEDIUM
Network 		In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up th… CWE-400
 Uncontrolled Resource Consumption 		CVE-2018-17189 cpe:2.3:a:apache:http_server:2.4.37:*
cpe:2.3:a:apache:http_server:2.4.35:*
cpe:2.3:a:apache:http_server:2.4.34:*… 		2024-11-21 12:54
2019-01-31 		Show GitHub Exploit DB Packet Storm