To get the vulnerability information of an Apache HTTPD version, you have to make a call including the major Apache HTTPD version (or the minor one). The response will include all vulnerabilities for this major version.
https://www.wpvulnerability.net/apache/apache-major-or-minor-version/Example: Apache HTTPD 2.4
Apache HTTPD JSON response
This will return a JSON with the following format:
{
"error": 0,
"message": null,
"data": {
"name": "Apache HTTPD 2.x",
"apache": "2.x",
"status": "m",
"date_start": "1970-01-01"
"sate_end": "1971-12-31"
"vulnerability": [
{
"uuid": "example",
"name": "Apache HTTPD 2.x < 2.x.1",
"operator": {
"min_version": null,
"min_operator": null,
"max_version": "2.x.1",
"max_operator": "lt",
"unfixed": "0",
},
"source": [
{
"id": "CVE-0000-00001",
"name": "CVE-0000-00001",
"link": "https://www.cve.org/CVERecord?id=CVE-0000-00001",
"description": "This is an example of a vulnerability description.",
"date": "2003-05-27"
}
],
"impact": [
"cvss": {
"version": "3.1",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"av": "n",
"ac": "l",
"pr": "n",
"ui": "n",
"s": "u",
"c": "h",
"i": "h",
"a": "h",
"score": "9.8",
"severity": "c",
"exploitable": "3.9",
"impact": "5.9"
},
"cvss2": {
"version": "2.0",
"vector": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"score": "7.5",
"severity": "high",
"av": "network",
"ac": "low",
"au": "none",
"c": "partial",
"i": "partial",
"a": "partial"
},
"cvss3": {
"version": "3.1",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"score": "9.8",
"severity": "critical",
"av": "network",
"ac": "low",
"pr": "none",
"ui": "none",
"s": "unchanged",
"c": "high",
"i": "high",
"a": "high",
"exploitable": "3.9",
"impact": "5.9"
},
"cvss4": {
"version": "4.0",
"vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"score": "5.1",
"severity": "medium",
"av": "network",
"ac": "low",
"at": "none",
"pr": "high",
"ui": "none",
"vc": "low",
"vi": "low",
"va": "low",
"sc": "none",
"si": "none",
"sa": "none"
},
"kev": false,
"cwe": [
{
"cwe": "CWE89",
"name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"description": "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."
}
]
]
}
]
},
"updated": 1053993600
}Apache HTTPD JSON description
error: If there is an error, the value will be 1. If there is no error, it will be 0.message: In case of error, an information message will be displayed.data: (object) Data information group.data → name: Apache HTTPD version.data → apache: Apache HTTPD major version.data → status: (values) Information URL.m: Maintaineds: Security supportd: Deprecated / Unmaintained
data → date_start: Date since the version was launched.data → date_end: Date when the version was deprecated / unmaintained.data → vulnerability: (array) Each of the plugin’s vulnerabilities.data → vulnerability → uuid: Apache HTTPD unique vulnerability ID.data → vulnerability → name: Vulnerability name.data → vulnerability → operator: (object) Vulnerability version calculation system. It is based on the PHP version_compare function.data → vulnerability → operator → min_version: Minimum version affected.data → vulnerability → operator → min_operator: Calculation operator.data → vulnerability → operator → max_version: Maximum version affected.data → vulnerability → operator → max_operator: Calculation operator.data → vulnerability → operator → unfixed: The vulnerability is unfixed.
data → vulnerability → source: (array) List of vulnerabilities.data → vulnerability → source → id: Source unique identifier.data → vulnerability → source → link: Source vulnerability information.data → vulnerability → source → description: Source vulnerability description.data → vulnerability → source → date: Date of publication of the vulnerability.
data → vulnerability → impact: (array) Impact of the vulnerability.data → vulnerability → impact → cvss2: (object) CVSS 2.0 score.data → vulnerability → impact → cvss → version: CVSS Version.data → vulnerability → impact → cvss → vector: CVSS Vector.data → vulnerability → impact → cvss → score: Base score.data → vulnerability → impact → cvss → severity: Severity label.data → vulnerability → impact → cvss → av: Access Vector.data → vulnerability → impact → cvss → ac: Access Complexity.data → vulnerability → impact → cvss → au: Authentication.data → vulnerability → impact → cvss → c: Confidentiality Impact.data → vulnerability → impact → cvss → i: Integrity Impact.data → vulnerability → impact → cvss → a: Availability Impact.
data → vulnerability → impact → cvss3: (object) CVSS 3.0/3.1 score.data → vulnerability → impact → cvss → version: CVSS Version.data → vulnerability → impact → cvss → vector: CVSS Vector.data → vulnerability → impact → cvss → score: Base score.data → vulnerability → impact → cvss → severity: Severity label.data → vulnerability → impact → cvss → av: Attack Vector.data → vulnerability → impact → cvss → ac: Attack Complexity.data → vulnerability → impact → cvss → pr: Privileges Required.data → vulnerability → impact → cvss → ui: User Interaction.data → vulnerability → impact → cvss → s: Scope.data → vulnerability → impact → cvss → c: Confidentiality Impact.data → vulnerability → impact → cvss → i: Integrity Impact.data → vulnerability → impact → cvss → a: Availability Impact.data → vulnerability → impact → cvss → exploitable: Exploitability sub-score.data → vulnerability → impact → cvss → impact: Impact sub-score.
data → vulnerability → impact → cvss4: (object) CVSS 4.0 score.data → vulnerability → impact → cvss → version: CVSS Version.data → vulnerability → impact → cvss → vector: CVSS Vector.data → vulnerability → impact → cvss → score: Base score.data → vulnerability → impact → cvss → severity: Severity label.data → vulnerability → impact → cvss → av: Attack Vector.data → vulnerability → impact → cvss → ac: Attack Complexity.data → vulnerability → impact → cvss → at: Attack Requirements.data → vulnerability → impact → cvss → pr: Privileges Required.data → vulnerability → impact → cvss → ui: User Interaction.data → vulnerability → impact → cvss → vc: Vulnerable System Confidentiality.data → vulnerability → impact → cvss → vi: Vulnerable System Integrity.data → vulnerability → impact → cvss → va: Vulnerable System Availability.data → vulnerability → impact → cvss → sc: Subsequent System Confidentiality.data → vulnerability → impact → cvss → si: Subsequent System Integrity.data → vulnerability → impact → cvss → sa: Subsequent System Availability.
data → vulnerability → impact → kev: Whether the vulnerability is in the CISA KEV catalog.data → vulnerability → impact → cwe: (array) CWE score.data → vulnerability → impact → cwe → cwe: CWE identification.data → vulnerability → impact → cwe → name: Name.data → vulnerability → impact → cwe → description: Description.
update: Last information update (UNIXTIME).
Important information
The Apache HTTPD API has information since Apache HTTPD 1.3, and also vulnerabilities that may apply to WordPress. This is not an Apache HTTPD vulnerability database.