Apache Lounge httpd

by Apache Loungev2.4.68

Last updated Jun 11, 2026

httpd for Windows

Install with winget

$ winget install --id ApacheLounge.httpd --exact --version 2.4.68

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v2.4.68

Architecture	Type	Scope	Install	Download
x86	ZIP archive	-		Direct
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

critical9.8Patched in wingetCVE-2026-44631affects before 2.4.68Jun 8, 2026
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Vendor advisory
high7.3Patched in wingetCVE-2026-44186affects before 2.4.68Jun 8, 2026
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, w...
Vendor advisory
high7.3Patched in wingetCVE-2026-44185affects before 2.4.68Jun 8, 2026
Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Vendor advisory
medium5.5Patched in wingetCVE-2026-44119affects before 2.4.68Jun 8, 2026
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4....
Vendor advisory
medium6.5Patched in wingetCVE-2026-43951affects >=2.4.0 and <=2.4.67Jun 8, 2026
Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Vendor advisory
high7.5Patched in wingetCVE-2026-42536affects before 2.4.68Jun 8, 2026
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Vendor advisory
critical9.1Patched in wingetCVE-2026-42535affects before 2.4.68Jun 8, 2026
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Vendor advisory
high7.5Patched in wingetCVE-2026-34356affects before 2.4.68Jun 8, 2026
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Vendor advisory

Showing 8 of 25. Source: NVD, updated 6h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Apache Lounge httpd on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id ApacheLounge.httpd --exact --version 2.4.68. winget downloads the installer from Apache Lounge and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Apache Lounge httpd silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id ApacheLounge.httpd --exact 2.4.68 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Apache Lounge httpd via winget?

Run: winget uninstall --id ApacheLounge.httpd --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Apache Lounge httpd's Apps & Features entry.

Is Apache Lounge httpd free?

Apache Lounge httpd is distributed under Apache-2.0. Refer to the publisher (https://www.apachelounge.com/download/) for the full license terms - Wingetly itself does not charge for installation.

Does Apache Lounge httpd work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Apache Lounge httpd directly from the publisher.

How do I keep Apache Lounge httpd up to date?

Run winget upgrade --id ApacheLounge.httpd --exact, or winget upgrade --all to update everything winget tracks. We index 5 versions of Apache Lounge httpd from microsoft/winget-pkgs.

Recent versions

2.4.68latest
2.4.67
2.4.66
2.4.65
2.4.57