Vulnerability Reporthttpd:2.4.54-alpine

httpd:2.4.54-alpine
DIGESTsha256:3e28d0745563a7033c5d6db21a8681ecf64bdc765354d86d9181be613cd8bf32

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could cause denial of service or potentially execute arbitrary code via the HTTP/2 Rapid Reset attack (CVE-2023-44487), which is actively exploited and requires no special configuration. Other high-severity issues like stack buffer overflows in OpenSSL (CVE-2025-15467) are only reachable if httpd is configured to parse CMS messages, which is not default. Disabling HTTP/2 (mod_http2) would fully mitigate CVE-2023-44487, but would reduce functionality. Immediate remediation or replacement is urgent.

Vulnerabilities

Vulnerability Log

133 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2023-44487CRITICAL9.75
nghttp2-libs
1.51.0-r0
fixed in 1.51.0-r2
100.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2025-15467HIGH8
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
47.6%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-15467HIGH8
libssl3
3.0.7-r2
fixed in 3.0.19-r0
47.6%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2022-24963HIGH7.84
apr
1.7.0-r2
fixed in 1.7.1-r0
1.5%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-6119HIGH7.8
libcrypto3
3.0.7-r2
fixed in 3.0.15-r0
66.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2024-6119HIGH7.8
libssl3
3.0.7-r2
fixed in 3.0.15-r0
66.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0286HIGH7.7
libssl3
3.0.7-r2
fixed in 3.0.8-r0
59.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-0401HIGH7.5
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libcrypto3
3.0.7-r2
fixed in 3.0.8-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-5363HIGH7.5
libcrypto3
3.0.7-r2
fixed in 3.0.12-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-52425HIGH7.5
libexpat
2.5.0-r0
fixed in 2.6.0-r0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2024-28757HIGH7.5
libexpat
2.5.0-r0
fixed in 2.6.2-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-45490HIGH7.5
libexpat
2.5.0-r0
fixed in 2.6.3-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-0217HIGH7.5
libssl3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-0401HIGH7.5
libssl3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Directly Exposed
CVE-2023-0464HIGH7.5
libssl3
3.0.7-r2
fixed in 3.0.8-r1
3.7%
Low-Moderate Risk
Directly Exposed
CVE-2023-5363HIGH7.5
libssl3
3.0.7-r2
fixed in 3.0.12-r0
3.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-35945HIGH7.5
nghttp2-libs
1.51.0-r0
fixed in 1.51.0-r1
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2022-4304MEDIUM6.79
libssl3
3.0.7-r2
fixed in 3.0.8-r0
16.2%
High Exploitation Risk
Directly Exposed
CVE-2023-2650MEDIUM6.76
libcrypto3
3.0.7-r2
fixed in 3.0.9-r0
73.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2023-2650MEDIUM6.76
libssl3
3.0.7-r2
fixed in 3.0.9-r0
73.5%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2022-25147MEDIUM6.5
apr
1.7.0-r2
fixed in 1.7.1-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util
1.6.1-r14
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2022-25147MEDIUM6.5
apr-util-ldap
1.6.1-r14
fixed in 1.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2023-6129MEDIUM6.5
libcrypto3
3.0.7-r2
fixed in 3.0.12-r2
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-6129MEDIUM6.5
libssl3
3.0.7-r2
fixed in 3.0.12-r2
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-28484MEDIUM6.5
libxml2
2.10.3-r1
fixed in 2.10.4-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-29469MEDIUM6.5
libxml2
2.10.3-r1
fixed in 2.10.4-r0
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-69421MEDIUM6.38
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.3-r4
fixed in 1.2.3-r6
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-6237MEDIUM5.9
libcrypto3
3.0.7-r2
fixed in 3.0.12-r3
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libcrypto3
3.0.7-r2
fixed in 3.0.14-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-50602MEDIUM5.9
libexpat
2.5.0-r0
fixed in 2.6.4-r0
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-6237MEDIUM5.9
libssl3
3.0.7-r2
fixed in 3.0.12-r3
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libssl3
3.0.7-r2
fixed in 3.0.14-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libcrypto3
3.0.7-r2
fixed in 3.0.14-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.0.7-r2
fixed in 3.0.19-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libssl3
3.0.7-r2
fixed in 3.0.14-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2024-0727MEDIUM5.5
libcrypto3
3.0.7-r2
fixed in 3.0.12-r4
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-0727MEDIUM5.5
libssl3
3.0.7-r2
fixed in 3.0.12-r4
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.8-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-0466MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.8-r3
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.9-r3
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.10-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.12-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libcrypto3
3.0.7-r2
fixed in 3.0.13-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-0465MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.8-r2
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-0466MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.8-r3
1.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-3446MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.9-r3
5.5%
Low-Moderate Risk
Directly Exposed
CVE-2023-3817MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.10-r0
2.6%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.12-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libssl3
3.0.7-r2
fixed in 3.0.13-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-1255MEDIUM5.02
libcrypto3
3.0.7-r2
fixed in 3.0.8-r4
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-1255MEDIUM5.02
libssl3
3.0.7-r2
fixed in 3.0.8-r4
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2022-4203MEDIUM4.9
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2022-4203MEDIUM4.9
libssl3
3.0.7-r2
fixed in 3.0.8-r0
1.5%
Low-Moderate Risk
Directly Exposed
CVE-2024-2511MEDIUM4.81
libcrypto3
3.0.7-r2
fixed in 3.0.12-r5
54.0%
Actively Exploited
Directly Exposed
CVE-2024-2511MEDIUM4.81
libssl3
3.0.7-r2
fixed in 3.0.12-r5
54.0%
Actively Exploited
Directly Exposed
CVE-2023-49582MEDIUM4.67
apr
1.7.0-r2
fixed in 1.7.5-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2023-52426MEDIUM4.67
libexpat
2.5.0-r0
fixed in 2.6.0-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2023-38545MEDIUM4.58
libcurl
7.87.0-r0
fixed in 8.4.0-r0
78.5%
Actively Exploited
Post-Exploit
CVE-2023-2975MEDIUM4.5
libcrypto3
3.0.7-r2
fixed in 3.0.9-r2
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-2975MEDIUM4.5
libssl3
3.0.7-r2
fixed in 3.0.9-r2
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2023-47038LOW3.98
perl
5.36.0-r0
fixed in 5.36.2-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2024-9143LOW3.7
libcrypto3
3.0.7-r2
fixed in 3.0.15-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-9143LOW3.7
libssl3
3.0.7-r2
fixed in 3.0.15-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-26519LOW3.57
musl-utils
1.2.3-r4
fixed in 1.2.3-r6
0.3%
Theoretical Threat
Post-Exploit
CVE-2023-27535LOW3.54
libcurl
7.87.0-r0
fixed in 7.88.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27536LOW3.54
libcurl
7.87.0-r0
fixed in 7.88.1-r1
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2023-27537LOW3.54
libcurl
7.87.0-r0
fixed in 7.88.1-r1
1.9%
Low-Moderate Risk
Post-Exploit
CVE-2023-28320LOW3.54
libcurl
7.87.0-r0
fixed in 8.1.0-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-28321LOW3.54
libcurl
7.87.0-r0
fixed in 8.1.0-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2022-28331LOW3.53
apr
1.7.0-r2
fixed in 1.7.1-r0
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2024-45491LOW3.53
libexpat
2.5.0-r0
fixed in 2.6.3-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-45492LOW3.53
libexpat
2.5.0-r0
fixed in 2.6.3-r0
1.4%
Low-Moderate Risk
Post-Exploit
CVE-2023-38039LOW3.51
libcurl
7.87.0-r0
fixed in 8.3.0-r0
62.2%
Actively Exploited
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.0.7-r2
fixed in 3.0.19-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2023-23915LOW3.31
libcurl
7.87.0-r0
fixed in 7.87.0-r2
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-27538LOW3.3
libcurl
7.87.0-r0
fixed in 7.88.1-r1
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2024-2379LOW3.24
libcurl
7.87.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-46219LOW3.18
libcurl
7.87.0-r0
fixed in 8.5.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-0853LOW3.18
libcurl
7.87.0-r0
fixed in 8.6.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-2466LOW3.18
libcurl
7.87.0-r0
fixed in 8.7.1-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-2004LOW3.18
libcurl
7.87.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-27533LOW3.17
libcurl
7.87.0-r0
fixed in 7.88.1-r1
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-27534LOW3.17
libcurl
7.87.0-r0
fixed in 7.88.1-r1
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2022-4450LOW3.1
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2024-2398LOW3.1
libcurl
7.87.0-r0
fixed in 8.7.1-r0
36.1%
High Exploitation Risk
Post-Exploit
CVE-2022-4450LOW3.1
libssl3
3.0.7-r2
fixed in 3.0.8-r0
20.4%
High Exploitation Risk
Post-Exploit
CVE-2025-9232LOW3.1
libcrypto3
3.0.7-r2
fixed in 3.0.19-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.0.7-r2
fixed in 3.0.19-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-42363LOW2.8
busybox
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox
1.35.0-r29
fixed in 1.35.0-r30
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
busybox-binsh
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox-binsh
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox-binsh
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox-binsh
1.35.0-r29
fixed in 1.35.0-r30
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
ssl_client
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
ssl_client
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
ssl_client
1.35.0-r29
fixed in 1.35.0-r31
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
ssl_client
1.35.0-r29
fixed in 1.35.0-r30
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-23914LOW2.78
libcurl
7.87.0-r0
fixed in 7.87.0-r2
0.9%
Theoretical Threat
Post-Exploit
CVE-2023-0215LOW2.7
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-0216LOW2.7
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-0217LOW2.7
libcrypto3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-28319LOW2.7
libcurl
7.87.0-r0
fixed in 8.1.0-r0
2.5%
Low-Moderate Risk
Post-Exploit
CVE-2024-6197LOW2.7
libcurl
7.87.0-r0
fixed in 8.9.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2023-0215LOW2.7
libssl3
3.0.7-r2
fixed in 3.0.8-r0
4.5%
Low-Moderate Risk
Post-Exploit
CVE-2023-0216LOW2.7
libssl3
3.0.7-r2
fixed in 3.0.8-r0
1.8%
Low-Moderate Risk
Post-Exploit
CVE-2023-23916LOW2.34
libcurl
7.87.0-r0
fixed in 7.87.0-r2
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-46218LOW2.34
libcurl
7.87.0-r0
fixed in 8.5.0-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-28322LOW2.22
libcurl
7.87.0-r0
fixed in 8.1.0-r0
2.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-38546LOW2.22
libcurl
7.87.0-r0
fixed in 8.4.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2024-6874LOW2.19
libcurl
7.87.0-r0
fixed in 8.9.0-r0
0.8%
Theoretical Threat
Post-Exploit

Want to check another image? Run a full scan with the Docker Security Scanner.