Vulnerability Reporthttpd:2.4.52-alpine

httpd:2.4.52-alpine
DIGESTsha256:1befd21fdaeec7696d41b3c14bf50dbbe88df750759ea022666ecab121633462

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could exploit these vulnerabilities to achieve remote code execution, gain unauthorized access to sensitive data, or disrupt service availability. Note that CVE-2022-29155 only applies if the LDAP backend is enabled, and CVE-2022-37434 requires the application to call inflateGetHeader, which may not be the case in typical HTTPD deployments. However, many other vulnerabilities are remotely exploitable without authentication and should be addressed by updating the base image or applying vendor patches. Without immediate remediation, deploying this image in an internet-facing environment poses substantial risk.

Vulnerabilities

Vulnerability Log

101 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-25236CRITICAL10
expat
2.4.1-r0
fixed in 2.4.5-r0
34.2%
High Exploitation Risk
Directly Exposed
CVE-2022-29155CRITICAL10
libldap
2.6.0-r0
fixed in 2.6.2-r0
69.9%
Actively Exploited
Directly Exposed
CVE-2022-37434CRITICAL10
zlib
1.2.11-r3
fixed in 1.2.12-r2
15.9%
High Exploitation Risk
Directly Exposed
CVE-2022-24963CRITICAL9.8
apr
1.7.0-r0
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-28331CRITICAL9.8
apr
1.7.0-r0
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-22822CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.3-r0
4.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-22823CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-22824CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-23852CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.4-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-25235CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.5-r0
5.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25315CRITICAL9.8
expat
2.4.1-r0
fixed in 2.4.5-r0
4.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-0778CRITICAL9.75
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly Exposed
CVE-2022-0778CRITICAL9.75
libretls
3.3.4-r2
fixed in 3.3.4-r3
70.6%
Actively Exploited
Directly Exposed
CVE-2022-0778CRITICAL9.75
libssl1.1
1.1.1l-r8
fixed in 1.1.1n-r0
70.6%
Actively Exploited
Directly Exposed
CVE-2023-44487CRITICAL9.75
nghttp2-libs
1.46.0-r0
fixed in 1.46.0-r2
100.0%
Actively Exploited
Directly Exposed
CVE-2018-25032CRITICAL9.75
zlib
1.2.11-r3
fixed in 1.2.12-r0
51.7%
Actively Exploited
Directly Exposed
CVE-2023-0286CRITICAL9.62
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2023-0286CRITICAL9.62
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly Exposed
CVE-2021-45960HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
4.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-22825HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-22826HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-22827HIGH8.8
expat
2.4.1-r0
fixed in 2.4.3-r0
2.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-24407HIGH8.8
libsasl
2.1.27-r14
fixed in 2.1.28-r0
4.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-1271HIGH8.8
xz-libs
5.2.5-r0
fixed in 5.2.5-r1
4.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-4450HIGH8.62
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Directly Exposed
CVE-2022-40303HIGH8.62
libxml2
2.9.12-r2
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly Exposed
CVE-2023-2650HIGH8.45
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2023-2650HIGH8.45
libssl1.1
1.1.1l-r8
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2022-40674HIGH8.1
expat
2.4.1-r0
fixed in 2.4.9-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2021-46143HIGH7.8
expat
2.4.1-r0
fixed in 2.4.3-r0
3.8%
Low-Moderate Risk
Directly Exposed
CVE-2022-40304HIGH7.8
libxml2
2.9.12-r2
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-38545HIGH7.64
libcurl
7.80.0-r0
fixed in 8.4.0-r0
78.5%
Actively Exploited
Post-Exploit
CVE-2022-23990HIGH7.5
expat
2.4.1-r0
fixed in 2.4.4-r0
4.0%
Low-Moderate Risk
Directly Exposed
CVE-2022-25314HIGH7.5
expat
2.4.1-r0
fixed in 2.4.5-r0
4.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-43680HIGH7.5
expat
2.4.1-r0
fixed in 2.5.0-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r2
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-0215HIGH7.5
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r2
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2022-2309HIGH7.5
libxml2
2.9.12-r2
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-23308HIGH7.5
libxml2
2.9.12-r2
fixed in 2.9.13-r0
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-35945HIGH7.5
nghttp2-libs
1.46.0-r0
fixed in 1.46.0-r1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2021-35940HIGH7.1
apr
1.7.0-r0
fixed in 1.7.0-r1
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r0
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r11
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r11
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25313MEDIUM6.5
expat
2.4.1-r0
fixed in 2.4.5-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2022-29824MEDIUM6.5
libxml2
2.9.12-r2
fixed in 2.9.14-r0
3.6%
Low-Moderate Risk
Directly Exposed
CVE-2022-32207MEDIUM5.88
libcurl
7.80.0-r0
fixed in 7.80.0-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32221MEDIUM5.88
libcurl
7.80.0-r0
fixed in 7.80.0-r4
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2023-38039MEDIUM5.85
libcurl
7.80.0-r0
fixed in 8.3.0-r0
62.2%
Actively Exploited
Post-Exploit
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libcrypto1.1
1.1.1l-r8
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libssl1.1
1.1.1l-r8
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-28391MEDIUM5.28
busybox
1.34.1-r3
fixed in 1.34.1-r5
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533MEDIUM5.28
libcurl
7.80.0-r0
fixed in 8.0.1-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534MEDIUM5.28
libcurl
7.80.0-r0
fixed in 8.0.1-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-28391MEDIUM5.28
ssl_client
1.34.1-r3
fixed in 1.34.1-r5
3.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-43551MEDIUM5.17
libcurl
7.80.0-r0
fixed in 7.80.0-r5
16.5%
High Exploitation Risk
Post-Exploit
CVE-2022-22576MEDIUM4.86
libcurl
7.80.0-r0
fixed in 7.80.0-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-42915MEDIUM4.86
libcurl
7.80.0-r0
fixed in 7.80.0-r4
2.9%
Low-Moderate Risk
Post-Exploit
CVE-2021-3995MEDIUM4.67
libuuid
2.37.2-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2021-3996MEDIUM4.67
libuuid
2.37.2-r1
fixed in 2.37.3-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2022-0563MEDIUM4.67
libuuid
2.37.2-r1
fixed in 2.37.4-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-23914MEDIUM4.64
libcurl
7.80.0-r0
fixed in 7.80.0-r6
0.9%
Theoretical Threat
Post-Exploit
CVE-2022-27775MEDIUM4.5
libcurl
7.80.0-r0
fixed in 7.80.0-r1
2.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27780MEDIUM4.5
libcurl
7.80.0-r0
fixed in 7.80.0-r2
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-27781MEDIUM4.5
libcurl
7.80.0-r0
fixed in 7.80.0-r2
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2022-27782MEDIUM4.5
libcurl
7.80.0-r0
fixed in 7.80.0-r2
2.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-42916MEDIUM4.5
libcurl
7.80.0-r0
fixed in 7.80.0-r4
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-28319MEDIUM4.5
libcurl
7.80.0-r0
fixed in 8.1.0-r0
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.80.0-r0
fixed in 7.80.0-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2023-47038LOW3.98
perl
5.34.0-r1
fixed in 5.34.2-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2022-27776LOW3.9
libcurl
7.80.0-r0
fixed in 7.80.0-r1
3.4%
Low-Moderate Risk
Post-Exploit
CVE-2023-23916LOW3.9
libcurl
7.80.0-r0
fixed in 7.80.0-r6
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-46218LOW3.9
libcurl
7.80.0-r0
fixed in 8.5.0-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.80.0-r0
fixed in 7.80.0-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-43552LOW3.54
libcurl
7.80.0-r0
fixed in 7.80.0-r5
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.80.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.80.0-r0
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.80.0-r0
fixed in 8.0.1-r0
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2023-28320LOW3.54
libcurl
7.80.0-r0
fixed in 8.1.0-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-28321LOW3.54
libcurl
7.80.0-r0
fixed in 8.1.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-27774LOW3.42
libcurl
7.80.0-r0
fixed in 7.80.0-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-23915LOW3.31
libcurl
7.80.0-r0
fixed in 7.80.0-r6
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.80.0-r0
fixed in 8.0.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-46219LOW3.18
libcurl
7.80.0-r0
fixed in 8.5.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.80.0-r0
fixed in 7.80.0-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.80.0-r0
fixed in 7.80.0-r3
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-28322LOW2.22
libcurl
7.80.0-r0
fixed in 8.1.0-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-38546LOW2.22
libcurl
7.80.0-r0
fixed in 8.4.0-r0
6.2%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.