Vulnerability Reporthttpd:2.4.50-alpine

httpd:2.4.50-alpine
DIGESTsha256:5e1b2811d3263d32618deba744195753168db0a6dff3776dae4ed098cfbadf62

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit CVE-2022-0778 or CVE-2022-4450 to cause denial of service by sending crafted certificates, or exploit CVE-2022-22827 for remote code execution if the server processes XML (e.g., via WebDAV). These vulnerabilities affect core TLS and XML parsing libraries, and while some (e.g., CVE-2022-25236) require non-default modules, the most severe ones impact default configurations. Updating to patched versions of OpenSSL, expat, and libxml2 is strongly recommended before any production deployment.

Vulnerabilities

Vulnerability Log

99 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-0778CRITICAL9.75
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-0778CRITICAL9.75
libretls
3.3.3p1-r2
fixed in 3.3.3p1-r3
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-0778CRITICAL9.75
libssl1.1
1.1.1l-r0
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-22827HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r12
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-40303HIGH8.62
libxml2
2.9.12-r1
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.4.1-r0
fixed in 2.4.9-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-25236HIGH8
expat
2.4.1-r0
fixed in 2.4.5-r0
34.2%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-37434HIGH8
zlib
1.2.11-r3
fixed in 1.2.12-r2
15.9%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22822HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22823HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22824HIGH7.84
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-23852HIGH7.84
expat
2.4.1-r0
fixed in 2.4.4-r0
4.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25235HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
5.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-25315HIGH7.84
expat
2.4.1-r0
fixed in 2.4.5-r0
4.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2021-46143HIGH7.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.12-r1
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2018-25032HIGH7.8
zlib
1.2.11-r3
fixed in 1.2.12-r0
51.7%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-23990HIGH7.5
expat
2.4.1-r0
fixed in 2.4.4-r0
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.4.1-r0
fixed in 2.4.5-r0
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.4.1-r0
fixed in 2.5.0-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.12-r1
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-35940HIGH7.1
apr
1.7.0-r0
fixed in 1.7.0-r1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2021-45960HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
4.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22825HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-22826HIGH7.04
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-4304MEDIUM6.79
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r0
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r7
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.4.1-r0
fixed in 2.4.5-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.12-r1
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1l-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2021-37600MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.2-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2021-3995MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.37-r0
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27782MEDIUM4.5
libcurl
7.79.1-r0
fixed in 7.79.1-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.79.1-r0
fixed in 7.79.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
busybox
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42378MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42379MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42380MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2021-42381MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42382MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42383MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.1%
Low-Moderate Risk
Post-Exploit
CVE-2021-42384MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2021-42385MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2021-42386MEDIUM4.32
ssl_client
1.33.1-r3
fixed in 1.33.1-r6
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.79.1-r0
fixed in 7.79.1-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2023-23916LOW3.9
libcurl
7.79.1-r0
fixed in 7.79.1-r5
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.79.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-43552LOW3.54
libcurl
7.79.1-r0
fixed in 7.79.1-r4
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.79.1-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.79.1-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.79.1-r0
fixed in 8.0.1-r0
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-24963LOW3.53
apr
1.7.0-r0
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-28331LOW3.53
apr
1.7.0-r0
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.79.1-r0
fixed in 7.79.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.79.1-r0
fixed in 7.79.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-23915LOW3.31
libcurl
7.79.1-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.79.1-r0
fixed in 8.0.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
busybox
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533LOW3.17
libcurl
7.79.1-r0
fixed in 8.0.1-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534LOW3.17
libcurl
7.79.1-r0
fixed in 8.0.1-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391LOW3.17
ssl_client
1.33.1-r3
fixed in 1.33.1-r7
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-1271LOW3.17
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2022-43551LOW3.1
libcurl
7.79.1-r0
fixed in 7.79.1-r4
16.5%
High Exploitation Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.79.1-r0
fixed in 7.79.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-22576LOW2.92
libcurl
7.79.1-r0
fixed in 7.79.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-42375LOW2.8
busybox
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2021-42375LOW2.8
ssl_client
1.33.1-r3
fixed in 1.33.1-r5
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-23914LOW2.78
libcurl
7.79.1-r0
fixed in 7.79.1-r5
0.9%
Theoretical Threat
Post-Exploit
CVE-2022-27775LOW2.7
libcurl
7.79.1-r0
fixed in 7.79.1-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781LOW2.7
libcurl
7.79.1-r0
fixed in 7.79.1-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2021-42374LOW2.7
busybox
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2021-42374LOW2.7
ssl_client
1.33.1-r3
fixed in 1.33.1-r4
0.6%
Theoretical Threat
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.79.1-r0
fixed in 7.79.1-r3
1.8%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.