Vulnerability Reporthttpd:2.4.43-alpine

httpd:2.4.43-alpine
DIGESTsha256:fc11fbd1bc066776c608d2dddc6eafd1f6848ba709b452a6fa5d806fb13dd0f6

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could achieve remote code execution or denial of service by exploiting flaws in zlib or expat, as httpd often compresses responses and may process XML. Disabling mod_deflate fully mitigates CVE-2018-25032, and ensuring XML parsing modules (e.g., mod_dav) are not exposed reduces risk from expat vulnerabilities. Note: the expat CVEs require processing external XML, which may not be enabled by default.

Vulnerabilities

Vulnerability Log

101 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2018-25032CRITICAL9.75
zlib
1.2.11-r3
fixed in 1.2.12-r0
52.1%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-22825HIGH8.8
expat
2.2.9-r1
fixed in 2.2.10-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-22826HIGH8.8
expat
2.2.9-r1
fixed in 2.2.10-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-22827HIGH8.8
expat
2.2.9-r1
fixed in 2.2.10-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r6
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-1271HIGH8.8
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Directly Exposed
CVE-2021-3517HIGH8.6
libxml2
2.9.10-r4
fixed in 2.9.10-r6
8.3%
Low-Moderate Risk
Directly Exposed
CVE-2021-3450HIGH8.51
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1k-r0
18.3%
High Exploitation Risk
Directly Exposed
CVE-2021-3450HIGH8.51
libssl1.1
1.1.1g-r0
fixed in 1.1.1k-r0
18.3%
High Exploitation Risk
Directly Exposed
CVE-2022-25236HIGH8
expat
2.2.9-r1
fixed in 2.2.10-r2
34.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22822HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22823HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22824HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-23852HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r1
4.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25235HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r2
5.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25315HIGH7.84
expat
2.2.9-r1
fixed in 2.2.10-r2
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-46143HIGH7.8
expat
2.2.9-r1
fixed in 2.2.10-r0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2021-23840HIGH7.8
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1j-r0
50.7%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2021-23840HIGH7.8
libssl1.1
1.1.1g-r0
fixed in 1.1.1j-r0
50.7%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libssl1.1
1.1.1g-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2021-3449HIGH7.67
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1k-r0
62.9%
Actively Exploited
Directly Exposed
CVE-2021-3449HIGH7.67
libssl1.1
1.1.1g-r0
fixed in 1.1.1k-r0
62.9%
Actively Exploited
Directly Exposed
CVE-2022-23990HIGH7.5
expat
2.2.9-r1
fixed in 2.2.10-r1
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.2.9-r1
fixed in 2.2.10-r2
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2020-25692HIGH7.5
libldap
2.4.50-r0
fixed in 2.4.50-r1
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2020-25709HIGH7.5
libldap
2.4.50-r0
fixed in 2.4.50-r1
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2020-25710HIGH7.5
libldap
2.4.50-r0
fixed in 2.4.50-r1
2.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.10-r4
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-45960HIGH7.04
expat
2.2.9-r1
fixed in 2.2.10-r0
4.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-3518HIGH7.04
libxml2
2.9.10-r4
fixed in 2.9.10-r6
3.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2020-8927MEDIUM6.5
brotli-libs
1.0.7-r5
fixed in 1.0.9-r0
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.2.9-r1
fixed in 2.2.10-r2
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2020-24977MEDIUM6.5
libxml2
2.9.10-r4
fixed in 2.9.10-r5
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2021-3541MEDIUM6.5
libxml2
2.9.10-r4
fixed in 2.9.12-r0
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.10-r4
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2020-1971MEDIUM5.9
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1i-r0
7.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-23841MEDIUM5.9
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1j-r0
7.5%
Low-Moderate Risk
Directly Exposed
CVE-2020-1971MEDIUM5.9
libssl1.1
1.1.1g-r0
fixed in 1.1.1i-r0
7.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-23841MEDIUM5.9
libssl1.1
1.1.1g-r0
fixed in 1.1.1j-r0
7.5%
Low-Moderate Risk
Directly Exposed
CVE-2021-3537MEDIUM5.9
libxml2
2.9.10-r4
fixed in 2.9.10-r6
3.5%
Low-Moderate Risk
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.35.2-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.35.2-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.35.2-r0
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2020-28928MEDIUM4.67
musl
1.1.24-r9
fixed in 1.1.24-r10
0.6%
Theoretical Threat
Directly Exposed
CVE-2020-28928MEDIUM4.67
musl-utils
1.1.24-r8
fixed in 1.1.24-r10
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3711MEDIUM4.58
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Post-Exploit
CVE-2021-3711MEDIUM4.58
libssl1.1
1.1.1g-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Post-Exploit
CVE-2021-30139MEDIUM4.5
apk-tools
2.10.5-r1
fixed in 2.10.6-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-28831MEDIUM4.5
busybox
1.31.1-r16
fixed in 1.31.1-r20
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2020-8286MEDIUM4.5
libcurl
7.69.1-r0
fixed in 7.69.1-r3
4.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-22946MEDIUM4.5
libcurl
7.69.1-r0
fixed in 7.79.0-r0
4.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-27775MEDIUM4.5
libcurl
7.69.1-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-28831MEDIUM4.5
ssl_client
1.31.1-r16
fixed in 1.31.1-r20
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-37434MEDIUM4.06
zlib
1.2.11-r3
fixed in 1.2.12-r2
16.0%
High Exploitation Risk
Post-Exploit
CVE-2021-22922LOW3.9
libcurl
7.69.1-r0
fixed in 7.78.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.69.1-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-22901LOW3.79
libcurl
7.69.1-r0
fixed in 7.77.0-r0
60.1%
Actively Exploited
Post-Exploit
CVE-2021-23839LOW3.7
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1j-r0
3.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-23839LOW3.7
libssl1.1
1.1.1g-r0
fixed in 1.1.1j-r0
3.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-22947LOW3.54
libcurl
7.69.1-r0
fixed in 7.79.0-r0
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-27212LOW3.51
libldap
2.4.50-r0
fixed in 2.4.50-r2
64.1%
Actively Exploited
Post-Exploit
CVE-2021-3712LOW3.46
libcrypto1.1
1.1.1g-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Post-Exploit
CVE-2021-3712LOW3.46
libssl1.1
1.1.1g-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.69.1-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-36159LOW3.28
apk-tools
2.10.5-r1
fixed in 2.10.7-r0
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-22945LOW3.28
libcurl
7.69.1-r0
fixed in 7.79.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-22876LOW3.18
libcurl
7.69.1-r0
fixed in 7.76.0-r0
5.3%
Low-Moderate Risk
Post-Exploit
CVE-2021-22923LOW3.18
libcurl
7.69.1-r0
fixed in 7.78.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-22925LOW3.18
libcurl
7.69.1-r0
fixed in 7.78.0-r0
4.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.31.1-r16
fixed in 1.31.1-r22
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.31.1-r16
fixed in 1.31.1-r22
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.69.1-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2020-8177LOW2.81
libcurl
7.69.1-r0
fixed in 7.69.1-r1
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2020-8169LOW2.7
libcurl
7.69.1-r0
fixed in 7.69.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2020-8231LOW2.7
libcurl
7.69.1-r0
fixed in 7.69.1-r2
3.7%
Low-Moderate Risk
Post-Exploit
CVE-2020-8285LOW2.7
libcurl
7.69.1-r0
fixed in 7.69.1-r3
9.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.31.1-r16
fixed in 1.31.1-r21
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.31.1-r16
fixed in 1.31.1-r21
0.6%
Theoretical Threat
Post-Exploit
CVE-2020-8284LOW2.22
libcurl
7.69.1-r0
fixed in 7.74.0-r0
3.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-22890LOW2.22
libcurl
7.69.1-r0
fixed in 7.76.0-r0
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-22924LOW2.22
libcurl
7.69.1-r0
fixed in 7.78.0-r0
6.3%
Low-Moderate Risk
Post-Exploit
CVE-2021-22898LOW1.86
libcurl
7.69.1-r0
fixed in 7.77.0-r0
4.4%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.