Vulnerability Reporthttpd:2.4.48-alpine

httpd:2.4.48-alpine
DIGESTsha256:37757f1833175ab266ff112fb1a0cd1c291cdd444d907463849bc0093ffad803

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution (via CVE-2022-24963) or cause a denial of service (via CVE-2022-4450), compromising the web server and potentially the host. No simple mitigation exists; upgrading the base image is required. Note: Some expat vulnerabilities require an XML-parsing module to be active, but the critical APR CVE-2022-24963 is exploitable without special configuration.

Vulnerabilities

Vulnerability Log

102 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-24963CRITICAL9.8
apr
1.7.0-r0
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2022-22827HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r12
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-40303HIGH8.62
libxml2
2.9.12-r1
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.4.1-r0
fixed in 2.4.9-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-25236HIGH8
expat
2.4.1-r0
fixed in 2.4.5-r0
34.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22822HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22823HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22824HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-23852HIGH7.84
expat
2.4.1-r0
fixed in 2.4.4-r0
4.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25235HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
5.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25315HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-46143HIGH7.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.12-r1
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-0778HIGH7.8
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libretls
3.3.3p1-r2
fixed in 3.3.3p1-r3
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libssl1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-23990HIGH7.5
expat
2.4.1-r0
fixed in 2.4.4-r0
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.4.1-r0
fixed in 2.4.5-r0
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.4.1-r0
fixed in 2.5.0-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-35940HIGH7.1
apr
1.7.0-r0
fixed in 1.7.0-r1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2021-45960HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
4.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22825HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22826HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-4304MEDIUM6.79
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r0
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.4.1-r0
fixed in 2.4.5-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.12-r1
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-37434MEDIUM6
zlib
1.2.11-r3
fixed in 1.2.12-r2
15.9%
High Exploitation Risk
Directly Exposed
CVE-2018-25032MEDIUM5.85
zlib
1.2.11-r3
fixed in 1.2.12-r0
51.7%
Actively Exploited
Directly Exposed
CVE-2023-0286MEDIUM5.77
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2023-0286MEDIUM5.77
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2021-37600MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.2-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27775MEDIUM4.5
libcurl
7.78.0-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781MEDIUM4.5
libcurl
7.78.0-r0
fixed in 7.79.1-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-27782MEDIUM4.5
libcurl
7.78.0-r0
fixed in 7.79.1-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.78.0-r0
fixed in 7.79.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.78.0-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2023-23916LOW3.9
libcurl
7.78.0-r0
fixed in 7.79.1-r5
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2021-22947LOW3.54
libcurl
7.78.0-r0
fixed in 7.79.0-r0
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.78.0-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-43552LOW3.54
libcurl
7.78.0-r0
fixed in 7.79.1-r4
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.78.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.78.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.78.0-r0
fixed in 8.0.1-r0
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28331LOW3.53
apr
1.7.0-r0
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.78.0-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.78.0-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-23915LOW3.31
libcurl
7.78.0-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.78.0-r0
fixed in 8.0.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-22945LOW3.28
libcurl
7.78.0-r0
fixed in 7.79.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533LOW3.17
libcurl
7.78.0-r0
fixed in 8.0.1-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534LOW3.17
libcurl
7.78.0-r0
fixed in 8.0.1-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-1271LOW3.17
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-43551LOW3.1
libcurl
7.78.0-r0
fixed in 7.79.1-r4
16.5%
High Exploitation Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.78.0-r0
fixed in 7.79.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.78.0-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-42375LOW2.8
busybox
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-42375LOW2.8
ssl_client
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-23914LOW2.78
libcurl
7.78.0-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2021-22946LOW2.7
libcurl
7.78.0-r0
fixed in 7.79.0-r0
4.2%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.78.0-r0
fixed in 7.79.1-r3
1.8%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.