Vulnerability Reporthttpd:2.4.53-alpine

httpd:2.4.53-alpine
DIGESTsha256:c6f65bc395fdfc24214f43d69d367fd20b1c8d393ef33d9c68048f0f59ccc32f

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution (CVE-2022-24963) or cause a denial of service (CVE-2023-44487) by sending specially crafted network requests. Disabling HTTP/2 (mod_http2) would fully eliminate CVE-2023-44487, but the remaining critical vulnerabilities still require patching.

Vulnerabilities

Vulnerability Log

74 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2022-24963CRITICAL9.8
apr
1.7.0-r1
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-44487CRITICAL9.75
nghttp2-libs
1.47.0-r0
fixed in 1.47.0-r2
100.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2022-37434HIGH8
zlib
1.2.12-r1
fixed in 1.2.12-r2
16.0%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-52425HIGH7.5
expat
2.4.8-r0
fixed in 2.6.0-r0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2024-28757HIGH7.5
expat
2.4.8-r0
fixed in 2.6.2-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2021-35940HIGH7.1
apr
1.7.0-r1
fixed in 1.7.0-r2
1.2%
Low-Moderate Risk
Directly Exposed
CVE-2022-40303MEDIUM6.9
libxml2
2.9.14-r0
fixed in 2.9.14-r2
22.8%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-4304MEDIUM6.79
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r1
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r12
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r12
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-40674MEDIUM6.48
expat
2.4.8-r0
fixed in 2.4.9-r0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-43680MEDIUM6
expat
2.4.8-r0
fixed in 2.5.0-r0
2.2%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0464MEDIUM6
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-0464MEDIUM6
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r1
3.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2023-35945MEDIUM6
nghttp2-libs
1.47.0-r0
fixed in 1.47.0-r1
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-26519MEDIUM5.95
musl
1.2.3-r0
fixed in 1.2.3-r4
0.3%
Theoretical Threat
Directly Exposed
CVE-2022-2097MEDIUM5.3
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-2097MEDIUM5.3
libssl1.1
1.1.1o-r0
fixed in 1.1.1q-r0
4.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libssl1.1
1.1.1o-r0
fixed in 1.1.1u-r2
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libssl1.1
1.1.1o-r0
fixed in 1.1.1v-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libssl1.1
1.1.1o-r0
fixed in 1.1.1w-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-2650MEDIUM5.07
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2023-2650MEDIUM5.07
libssl1.1
1.1.1o-r0
fixed in 1.1.1u-r0
73.5%
Actively Exploited
Directly Exposed
CVE-2023-52426MEDIUM4.67
expat
2.4.8-r0
fixed in 2.6.0-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-23914MEDIUM4.64
libcurl
7.83.1-r1
fixed in 7.83.1-r6
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-38545MEDIUM4.58
libcurl
7.83.1-r1
fixed in 8.4.0-r0
78.5%
Actively Exploited
Post-Exploit
CVE-2022-42916MEDIUM4.5
libcurl
7.83.1-r1
fixed in 7.83.1-r4
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-28319MEDIUM4.5
libcurl
7.83.1-r1
fixed in 8.1.0-r0
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-32206MEDIUM4.48
libcurl
7.83.1-r1
fixed in 7.83.1-r2
32.0%
High Exploitation Risk
Post-Exploit
CVE-2023-47038LOW3.98
perl
5.34.1-r0
fixed in 5.34.2-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2023-23916LOW3.9
libcurl
7.83.1-r1
fixed in 7.83.1-r6
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-46218LOW3.9
libcurl
7.83.1-r1
fixed in 8.5.0-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2025-26519LOW3.57
musl-utils
1.2.3-r0
fixed in 1.2.3-r4
0.3%
Theoretical Threat
Post-Exploit
CVE-2022-32208LOW3.54
libcurl
7.83.1-r1
fixed in 7.83.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-43552LOW3.54
libcurl
7.83.1-r1
fixed in 7.83.1-r5
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.83.1-r1
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.83.1-r1
fixed in 8.0.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.83.1-r1
fixed in 8.0.1-r0
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2023-28320LOW3.54
libcurl
7.83.1-r1
fixed in 8.1.0-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-28321LOW3.54
libcurl
7.83.1-r1
fixed in 8.1.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-28331LOW3.53
apr
1.7.0-r1
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2022-32207LOW3.53
libcurl
7.83.1-r1
fixed in 7.83.1-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-32221LOW3.53
libcurl
7.83.1-r1
fixed in 7.83.1-r4
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2023-38039LOW3.51
libcurl
7.83.1-r1
fixed in 8.3.0-r0
62.2%
Actively Exploited
Post-Exploit
CVE-2023-23915LOW3.31
libcurl
7.83.1-r1
fixed in 7.83.1-r6
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.83.1-r1
fixed in 8.0.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-46219LOW3.18
libcurl
7.83.1-r1
fixed in 8.5.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533LOW3.17
libcurl
7.83.1-r1
fixed in 8.0.1-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534LOW3.17
libcurl
7.83.1-r1
fixed in 8.0.1-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-4450LOW3.1
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2022-43551LOW3.1
libcurl
7.83.1-r1
fixed in 7.83.1-r5
16.5%
High Exploitation Risk
Post-Exploit
CVE-2022-4450LOW3.1
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2022-32205LOW2.97
libcurl
7.83.1-r1
fixed in 7.83.1-r2
26.9%
High Exploitation Risk
Post-Exploit
CVE-2022-42915LOW2.92
libcurl
7.83.1-r1
fixed in 7.83.1-r4
2.9%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
busybox
1.35.0-r13
fixed in 1.35.0-r15
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-40304LOW2.81
libxml2
2.9.14-r0
fixed in 2.9.14-r2
6.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-30065LOW2.81
ssl_client
1.35.0-r13
fixed in 1.35.0-r15
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-42366LOW2.8
busybox
1.35.0-r13
fixed in 1.35.0-r18
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
ssl_client
1.35.0-r13
fixed in 1.35.0-r18
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-0215LOW2.7
libcrypto1.1
1.1.1o-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-0215LOW2.7
libssl1.1
1.1.1o-r0
fixed in 1.1.1t-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-2309LOW2.7
libxml2
2.9.14-r0
fixed in 2.9.14-r1
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2022-35252LOW2.22
libcurl
7.83.1-r1
fixed in 7.83.1-r3
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-28322LOW2.22
libcurl
7.83.1-r1
fixed in 8.1.0-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-38546LOW2.22
libcurl
7.83.1-r1
fixed in 8.4.0-r0
6.2%
Low-Moderate Risk
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.