Vulnerability Reporthttpd:2.4.49-alpine

httpd:2.4.49-alpine
DIGESTsha256:84c4ce2c1a6863504160658e353e0179b87472912ee121b419e6c64343e5b334

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution by sending crafted requests exploiting buffer overflows in APR (CVE-2022-24963) or zlib (CVE-2018-25032), leading to full server compromise. These vulnerabilities are in core libraries (APR, zlib) used by every request and require no special configuration to exploit. While some other vulnerabilities require optional modules (e.g., expat for XML parsing), the critical flaws are always active. No effective compensating controls exist short of rebuilding the image with patched packages.

Vulnerabilities

Vulnerability Log

99 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-24963CRITICAL9.8
apr
1.7.0-r0
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2018-25032CRITICAL9.75
zlib
1.2.11-r3
fixed in 1.2.12-r0
52.1%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-22827HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r12
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-40303HIGH8.62
libxml2
2.9.12-r1
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.4.1-r0
fixed in 2.4.9-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-25236HIGH8
expat
2.4.1-r0
fixed in 2.4.5-r0
34.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-37434HIGH8
zlib
1.2.11-r3
fixed in 1.2.12-r2
16.0%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22822HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22823HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22824HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-23852HIGH7.84
expat
2.4.1-r0
fixed in 2.4.4-r0
4.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25235HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
5.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25315HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-46143HIGH7.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.12-r1
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-0778HIGH7.8
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libretls
3.3.3p1-r2
fixed in 3.3.3p1-r3
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-0778HIGH7.8
libssl1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-23990HIGH7.5
expat
2.4.1-r0
fixed in 2.4.4-r0
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.4.1-r0
fixed in 2.4.5-r0
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.4.1-r0
fixed in 2.5.0-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-35940HIGH7.1
apr
1.7.0-r0
fixed in 1.7.0-r1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2021-45960HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
4.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22825HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22826HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-4304MEDIUM6.79
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r0
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.4.1-r0
fixed in 2.4.5-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.12-r1
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2021-37600MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.2-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27782MEDIUM4.5
libcurl
7.79.0-r0
fixed in 7.79.1-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.79.0-r0
fixed in 7.79.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.79.0-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2023-23916LOW3.9
libcurl
7.79.0-r0
fixed in 7.79.1-r5
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.79.0-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-43552LOW3.54
libcurl
7.79.0-r0
fixed in 7.79.1-r4
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.79.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.79.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.79.0-r0
fixed in 8.0.1-r0
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-28331LOW3.53
apr
1.7.0-r0
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.79.0-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.79.0-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-23915LOW3.31
libcurl
7.79.0-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.79.0-r0
fixed in 8.0.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533LOW3.17
libcurl
7.79.0-r0
fixed in 8.0.1-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534LOW3.17
libcurl
7.79.0-r0
fixed in 8.0.1-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-1271LOW3.17
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-43551LOW3.1
libcurl
7.79.0-r0
fixed in 7.79.1-r4
16.5%
High Exploitation Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.79.0-r0
fixed in 7.79.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.79.0-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-42375LOW2.8
busybox
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-42375LOW2.8
ssl_client
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-23914LOW2.78
libcurl
7.79.0-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2022-27775LOW2.7
libcurl
7.79.0-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781LOW2.7
libcurl
7.79.0-r0
fixed in 7.79.1-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.79.0-r0
fixed in 7.79.1-r3
1.8%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.