Apache

Category - Web Servers

The Apache HTTP Server Project is an open-source HTTP server for modern operating systems including UNIX and Window.



We have discovered  18,559,738 live websites   that are using Apache.

Download Lead List
Download a sample report


Technology usage statistics

Websites using Apache18,559,738 websites
Most popular in the country United States
Market position in Web Servers#1
Market share in Web Servers32.43%
Most popular version2.4.62

Security vulnerabilites


PublishedCVETitleDomains
Jul, 2024CVE-2024-40725Apache HTTP Server: source code disclosure with handlers configured via AddType48,035
Jul, 2024CVE-2024-40898Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows2,119,935
Jul, 2024CVE-2024-39884Apache HTTP Server: source code disclosure with handlers configured via AddType899
Jul, 2024CVE-2024-38472Apache HTTP Server on WIndows UNC SSRF2,071,900
Jul, 2024CVE-2024-38473Apache HTTP Server proxy encoding problem2,071,900
Jul, 2024CVE-2024-38474Apache HTTP Server weakness with encoded question marks in backreferences2,071,900
Jul, 2024CVE-2024-38475Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.2,071,900
Jul, 2024CVE-2024-38476Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect2,071,900
Jul, 2024CVE-2024-38477Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request2,071,900
Jul, 2024CVE-2024-39573Apache HTTP Server: mod_rewrite proxy handler substitution2,071,900
Apr, 2024CVE-2023-38709Apache HTTP Server: HTTP response splitting2,438,659
Apr, 2024CVE-2024-24795Apache HTTP Server: HTTP Response Splitting in multiple modules1,956,670
Apr, 2024CVE-2024-27316Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames1,277,401
Oct, 2023CVE-2023-31122Apache HTTP Server: mod_macro buffer over-read2,376,473
Oct, 2023CVE-2023-43622Apache HTTP Server: DoS in HTTP/2 with initial windows size 0141,469
Oct, 2023CVE-2023-45802Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST1,215,215
Mar, 2023CVE-2023-25690Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy1,762,013
Mar, 2023CVE-2023-27522Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting704,043
Jan, 2023CVE-2006-20001Apache HTTP Server: mod_dav out of bounds read, or write of zero byte1,753,014
Jan, 2023CVE-2022-36760Apache HTTP Server: mod_proxy_ajp Possible request smuggling1,753,014
Jan, 2023CVE-2022-37436Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting2,235,004
Jun, 2022CVE-2022-28330read beyond bounds in mod_isapi2,168,026
Jun, 2022CVE-2022-28614read beyond bounds via ap_rwrite() 2,185,266
Jun, 2022CVE-2022-28615Read beyond bounds in ap_strcmp_match()2,168,026
Jun, 2022CVE-2022-29404Denial of service in mod_lua r:parsebody2,185,266
Jun, 2022CVE-2022-30522mod_sed denial of service17,240
Jun, 2022CVE-2022-31813mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism2,168,026
Mar, 2022CVE-2022-22719mod_lua Use of uninitialized value of in r:parsebody2,019,392
Mar, 2022CVE-2022-22720HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier2,019,392
Mar, 2022CVE-2022-23943mod_sed: Read/write beyond bounds1,686,036
Dec, 2021CVE-2021-44790Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier2,006,326
Oct, 2021CVE-2021-41524null pointer dereference in h2 fuzzing647
Sep, 2021CVE-2021-34798NULL pointer dereference in httpd core1,986,539
Sep, 2021CVE-2021-39275ap_escape_quotes buffer overflow1,986,539
Sep, 2021CVE-2021-40438mod_proxy SSRF1,986,539
Jun, 2021CVE-2021-31618NULL pointer dereference on specially crafted HTTP/2 request282
Jun, 2021CVE-2019-17567mod_proxy_wstunnel tunneling of non Upgraded connections1,455,698
Jun, 2021CVE-2020-13938Improper Handling of Insufficient Privileges1,504,047
Jun, 2021CVE-2020-13950mod_proxy_http NULL pointer dereference247,492
Jun, 2021CVE-2020-35452mod_auth_digest possible stack overflow by one nul byte1,504,047
Jun, 2021CVE-2021-26690mod_session NULL pointer dereference1,504,047
Jun, 2021CVE-2021-26691Apache HTTP Server mod_session response handling heap overflow1,504,047
Jun, 2021CVE-2021-30641Unexpected URL matching with 'MergeSlashes OFF'265,838
Apr, 2019CVE-2019-0215In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location clien...166,164
Jan, 2019CVE-2018-17189In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to pl...1,554,223
Mar, 2018CVE-2018-1301A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due t...1,539,959
Mar, 2018CVE-2018-1302When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4...1,539,959
Mar, 2018CVE-2018-1303A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2...1,539,959
Jul, 2017CVE-2017-9789When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would s...1,855
Jun, 2017CVE-2017-7668The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token li...1,537
Jul, 2015CVE-2015-3183The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly...1,158,689
Mar, 2015CVE-2015-0228The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server thr...1,158,667
Dec, 2014CVE-2014-3583The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Serv...1,073,560
Oct, 2014CVE-2014-3581The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap...1,155,834
Jul, 2014CVE-2013-4352The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache...530,359
Jul, 2014CVE-2014-0231The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which...1,073,560
Apr, 2014CVE-2013-5704The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHe...347,021
Mar, 2014CVE-2013-6438The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before...1,071,266
Mar, 2014CVE-2014-0098The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server b...1,071,266
Jul, 2013CVE-2013-2249mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with...530,338
Jul, 2013CVE-2013-1896mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled...432,967
Apr, 2012CVE-2012-0883envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name...527,125
Jan, 2012CVE-2012-0031scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial ...344,051
Sep, 2011CVE-2011-3348The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer ...344,051
Sep, 2009CVE-2009-3095The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access...3,449,155
Jul, 2009CVE-2009-1890The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server...481,989
Apr, 2009CVE-2009-1191mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers...188,263
Jan, 2008CVE-2007-6420Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Ap...89,358
Sep, 2007CVE-2007-4465Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, ...155,121
Sep, 2004CVE-2003-0016Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote a...71,357
Jul, 2003CVE-2003-0460The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly igno...3,250
Jun, 2002CVE-2001-1342Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of servic...957

Technology adoption

Recent changes in Apache usage.
Websites that added Apache 333,254
Websites that dropped Apache 1,082,770
Websites that changed version of Apache  1,884,591

Available Reports


Alternative Names

  • Apache HTTP Server

Technology Information


Major Versions

  • 2.xx (123 subversions, 3,378,210 domains)
  • 1.xx (28 subversions, 70,945 domains)

Apache usage by Country

United States4,881,697 websites



Germany3,918,932 websites
France1,221,722 websites
Japan833,877 websites
Netherlands732,623 websites
GB567,295 websites
Australia538,487 websites
Italy379,574 websites
British Virgin Islands371,669 websites
Denmark370,343 websites

Apache usage by TLD

.com7,144,078 websites
.de2,531,828 websites
.org812,515 websites
.net699,054 websites
.nl632,567 websites
.fr479,273 websites
.co.uk431,514 websites
.it311,170 websites
.pl279,225 websites
.com.br260,675 websites

Apache Versions

sorted by popularity
2.4.62847,222 websites
2.4.6494,844 websites
2.4.41204,595 websites
2.4.52148,633 websites
2.4.29138,594 websites
2.2.15115,828 websites
2.4.59115,230 websites
2.4.25114,134 websites
2.4.18105,061 websites
2.4.3793,616 websites

See all Apache versions ...

Websites utilizing Apache

Top websites that use Apache
DomainCountryRankContacts
download.macromedia.com United States50
adobe.com Netherlands88
simcast.com Singapore105
api.map.baidu.com China140
flickr.com United States156
baidu.com China177
See full domain list

Alternative Technologies


Nginx: Total 16,826,665 domains found using Nginx
Cloudflare Server: Total 6,631,605 domains found using Cloudflare Server
OpenResty: Total 4,194,163 domains found using OpenResty
LiteSpeed: Total 3,642,306 domains found using LiteSpeed
IIS: Total 2,180,607 domains found using IIS
Pepyaka: Total 2,098,736 domains found using Pepyaka
Caddy: Total 761,006 domains found using Caddy
Microsoft HTTPAPI: Total 743,101 domains found using Microsoft HTTPAPI
Cowboy: Total 228,118 domains found using Cowboy
GHS: Total 163,633 domains found using GHS

FAQ

Apache is Web Servers.
WebTechSurvey continually and systematically explores the internet, indexing technologies employed by websites, including Apache. Our clients can obtain listings of websites utilizing Apache through WebTechSurvey's platform.
There are 18,559,738 live websites that currently use Apache.
Apache has 32.43% market share in Web Servers.
The primary competing technologies to Apache are Nginx, Cloudflare Server, OpenResty, and LiteSpeed.
Apache contains multiple known security vulnerabilities, including CVE-2024-40725, CVE-2024-40898, CVE-2024-39884, and CVE-2024-38472.