Vulnerability Reporthttpd:2.4.46-alpine

httpd:2.4.46-alpine
DIGESTsha256:4408d34da1e0d03d71ecbfdfc747fe03f71dff05a69ece87e33ac2ca986478c7

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service, leak sensitive memory, or achieve remote code execution via the exposed OpenSSL and expat vulnerabilities (CVE-2022-0778, CVE-2021-3712). No configuration workarounds fully mitigate these risks; patching is required.

Vulnerabilities

Vulnerability Log

89 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-0778CRITICAL9.75
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-0778CRITICAL9.75
libssl1.1
1.1.1k-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2021-3712CRITICAL9.62
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2021-3712CRITICAL9.62
libssl1.1
1.1.1k-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-22827HIGH8.8
expat
2.2.10-r1
fixed in 2.2.10-r2
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r10
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-40303HIGH8.62
libxml2
2.9.10-r6
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2021-3517HIGH8.6
libxml2
2.9.10-r6
fixed in 2.9.10-r7
8.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.2.10-r1
fixed in 2.2.10-r7
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2021-46143HIGH7.8
expat
2.2.10-r1
fixed in 2.2.10-r2
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.10-r6
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2018-25032HIGH7.8
zlib
1.2.11-r3
fixed in 1.2.12-r0
52.1%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-23990HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r3
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r4
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r8
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.10-r6
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.10-r6
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.2.10-r1
fixed in 2.2.10-r4
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2021-3541MEDIUM6.5
libxml2
2.9.10-r6
fixed in 2.9.11-r0
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.10-r6
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2021-3537MEDIUM5.9
libxml2
2.9.10-r6
fixed in 2.9.10-r7
3.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1k-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2021-3711MEDIUM4.58
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Post-Exploit
CVE-2021-3711MEDIUM4.58
libssl1.1
1.1.1k-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Post-Exploit
CVE-2022-27775MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-27782MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.76.1-r0
fixed in 7.79.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-25236MEDIUM4.06
expat
2.2.10-r1
fixed in 2.2.10-r4
34.2%
High Exploitation Risk
Post-Exploit
CVE-2022-37434MEDIUM4.06
zlib
1.2.11-r3
fixed in 1.2.12-r2
16.0%
High Exploitation Risk
Post-Exploit
CVE-2021-22922LOW3.9
libcurl
7.76.1-r0
fixed in 7.78.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.76.1-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-22901LOW3.79
libcurl
7.76.1-r0
fixed in 7.77.0-r0
60.1%
Actively Exploited
Post-Exploit
CVE-2021-22947LOW3.54
libcurl
7.76.1-r0
fixed in 7.79.0-r0
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.76.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-22822LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r2
4.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-22823LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r2
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-22824LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r2
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-23852LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r3
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-25235LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r4
5.0%
Low-Moderate Risk
Post-Exploit
CVE-2022-25315LOW3.53
expat
2.2.10-r1
fixed in 2.2.10-r4
4.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.76.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.76.1-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-36159LOW3.28
apk-tools
2.12.5-r0
fixed in 2.12.6-r0
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-22945LOW3.28
libcurl
7.76.1-r0
fixed in 7.79.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-22923LOW3.18
libcurl
7.76.1-r0
fixed in 7.78.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-22925LOW3.18
libcurl
7.76.1-r0
fixed in 7.78.0-r0
4.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.32.1-r6
fixed in 1.32.1-r8
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-45960LOW3.17
expat
2.2.10-r1
fixed in 2.2.10-r2
4.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-22825LOW3.17
expat
2.2.10-r1
fixed in 2.2.10-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-22826LOW3.17
expat
2.2.10-r1
fixed in 2.2.10-r2
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-3518LOW3.17
libxml2
2.9.10-r6
fixed in 2.9.10-r7
3.7%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.32.1-r6
fixed in 1.32.1-r8
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-1271LOW3.17
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.76.1-r0
fixed in 7.79.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.76.1-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
busybox
1.32.1-r6
fixed in 1.32.1-r9
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
ssl_client
1.32.1-r6
fixed in 1.32.1-r9
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-42375LOW2.8
busybox
1.32.1-r6
fixed in 1.32.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-42375LOW2.8
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-22946LOW2.7
libcurl
7.76.1-r0
fixed in 7.79.0-r0
4.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.32.1-r6
fixed in 1.32.1-r7
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-22924LOW2.22
libcurl
7.76.1-r0
fixed in 7.78.0-r0
6.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.76.1-r0
fixed in 7.79.1-r3
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-22898LOW1.86
libcurl
7.76.1-r0
fixed in 7.77.0-r0
4.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-35940.patchNONE0
apr
1.7.0-r0
fixed in 1.7.0-r1
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.