Vulnerability Reporthttpd:2.4.47-alpine

httpd:2.4.47-alpine
DIGESTsha256:20320185f1b67b0d8272ae49cc1f8f1eb7dddfb1f854d5ac8bddfb77621ecd12

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via crafted XML (CVE-2022-25236) or gzip data (CVE-2022-37434 if mod_deflate is active), or cause a denial of service via a crafted TLS certificate (CVE-2022-0778). The expat and OpenSSL vulnerabilities are directly exploitable without special configuration; the zlib issue requires the server to process gzip content with inflateGetHeader, which may not be default. As an official image, supply chain trust is high, but the vulnerability density is unacceptable for production. Immediate remediation via update or alternate base image is required.

Vulnerabilities

Vulnerability Log

89 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-25236CRITICAL10
expat
2.2.10-r1
fixed in 2.2.10-r4
34.2%
High Exploitation Risk
Directly ExposedContext importance: HIGH
CVE-2022-37434CRITICAL10
zlib
1.2.11-r3
fixed in 1.2.12-r2
16.0%
High Exploitation Risk
Directly ExposedContext importance: HIGH
CVE-2022-22822CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r2
4.8%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22823CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r2
3.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22824CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r2
3.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-23852CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r3
4.5%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-25235CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r4
5.0%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-25315CRITICAL9.8
expat
2.2.10-r1
fixed in 2.2.10-r4
4.8%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-0778CRITICAL9.75
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-0778CRITICAL9.75
libssl1.1
1.1.1k-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2018-25032CRITICAL9.75
zlib
1.2.11-r3
fixed in 1.2.12-r0
52.1%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2021-45960HIGH8.8
expat
2.2.10-r1
fixed in 2.2.10-r2
4.2%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22825HIGH8.8
expat
2.2.10-r1
fixed in 2.2.10-r2
2.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22826HIGH8.8
expat
2.2.10-r1
fixed in 2.2.10-r2
2.8%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22827HIGH8.8
expat
2.2.10-r1
fixed in 2.2.10-r2
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r10
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2021-3518HIGH8.8
libxml2
2.9.10-r6
fixed in 2.9.10-r7
3.7%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-40303HIGH8.62
libxml2
2.9.10-r6
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2021-3517HIGH8.6
libxml2
2.9.10-r6
fixed in 2.9.10-r7
8.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.2.10-r1
fixed in 2.2.10-r7
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2021-3711HIGH8
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2021-3711HIGH8
libssl1.1
1.1.1k-r0
fixed in 1.1.1l-r0
87.8%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2021-46143HIGH7.8
expat
2.2.10-r1
fixed in 2.2.10-r2
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.10-r6
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2021-3712HIGH7.7
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2021-3712HIGH7.7
libssl1.1
1.1.1k-r0
fixed in 1.1.1l-r0
50.4%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-23990HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r3
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r4
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.2.10-r1
fixed in 2.2.10-r8
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.10-r6
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.10-r6
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.2.10-r1
fixed in 2.2.10-r4
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2021-3541MEDIUM6.5
libxml2
2.9.10-r6
fixed in 2.9.11-r0
1.9%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.10-r6
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2021-3537MEDIUM5.9
libxml2
2.9.10-r6
fixed in 2.9.10-r7
3.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1k-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1k-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.36.1-r1
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27775MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-27782MEDIUM4.5
libcurl
7.76.1-r0
fixed in 7.79.1-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.76.1-r0
fixed in 7.79.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-22922LOW3.9
libcurl
7.76.1-r0
fixed in 7.78.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.76.1-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-22901LOW3.79
libcurl
7.76.1-r0
fixed in 7.77.0-r0
60.1%
Actively Exploited
Post-Exploit
CVE-2021-22947LOW3.54
libcurl
7.76.1-r0
fixed in 7.79.0-r0
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.76.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.76.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.76.1-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-36159LOW3.28
apk-tools
2.12.5-r0
fixed in 2.12.6-r0
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-22945LOW3.28
libcurl
7.76.1-r0
fixed in 7.79.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-22923LOW3.18
libcurl
7.76.1-r0
fixed in 7.78.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-22925LOW3.18
libcurl
7.76.1-r0
fixed in 7.78.0-r0
4.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.32.1-r6
fixed in 1.32.1-r8
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.32.1-r6
fixed in 1.32.1-r8
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-1271LOW3.17
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.76.1-r0
fixed in 7.79.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.76.1-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
busybox
1.32.1-r6
fixed in 1.32.1-r9
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
ssl_client
1.32.1-r6
fixed in 1.32.1-r9
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-42375LOW2.8
busybox
1.32.1-r6
fixed in 1.32.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-42375LOW2.8
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-22946LOW2.7
libcurl
7.76.1-r0
fixed in 7.79.0-r0
4.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.32.1-r6
fixed in 1.32.1-r7
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.32.1-r6
fixed in 1.32.1-r7
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-22924LOW2.22
libcurl
7.76.1-r0
fixed in 7.78.0-r0
6.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.76.1-r0
fixed in 7.79.1-r3
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-22898LOW1.86
libcurl
7.76.1-r0
fixed in 7.77.0-r0
4.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-35940.patchNONE0
apr
1.7.0-r0
fixed in 1.7.0-r1
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.