Vulnerability Reporthttpd:2.4.57-alpine

httpd:2.4.57-alpine3.18httpd:2.4.57-alpine
DIGESTsha256:02a928bf7db1a0baeebb01cb24c25237a111bbf2c43d5fa42eda6b41568dff41

Executive Summary

Last scanned:

Threat Score
100/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via CVE-2024-56171 by sending a crafted XML document, or cause denial of service via the actively exploited HTTP/2 Rapid Reset attack (CVE-2023-44487). Disabling DTD validation and XInclude expansion in httpd's XML processing fully mitigates CVE-2024-25062. Note that CVE-2024-45491 and CVE-2024-45492 only affect 32-bit platforms, which may not be applicable.

Vulnerabilities

Vulnerability Log

76 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-56171CRITICAL9.8
libxml2
2.11.4-r0
fixed in 2.11.8-r1
1.1%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-44487CRITICAL9.75
nghttp2-libs
1.55.1-r0
fixed in 1.57.0-r0
100.0%
Actively Exploited
Directly ExposedContext importance: HIGH
CVE-2024-45491HIGH7.84
libexpat
2.5.0-r1
fixed in 2.6.3-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45492HIGH7.84
libexpat
2.5.0-r1
fixed in 2.6.3-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-25062HIGH7.5
libxml2
2.11.4-r0
fixed in 2.11.7-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2023-52425MEDIUM6
libexpat
2.5.0-r1
fixed in 2.6.0-r0
1.8%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-28757MEDIUM6
libexpat
2.5.0-r1
fixed in 2.6.2-r0
2.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45490MEDIUM6
libexpat
2.5.0-r1
fixed in 2.6.3-r0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-8176MEDIUM6
libexpat
2.5.0-r1
fixed in 2.7.0-r0
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-27113MEDIUM6
libxml2
2.11.4-r0
fixed in 2.11.8-r2
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-26519MEDIUM5.95
musl
1.2.4-r1
fixed in 1.2.4-r3
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-6237MEDIUM5.9
libcrypto3
3.1.3-r0
fixed in 3.1.4-r4
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libcrypto3
3.1.3-r0
fixed in 3.1.6-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-50602MEDIUM5.9
libexpat
2.5.0-r1
fixed in 2.6.4-r0
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-6237MEDIUM5.9
libssl3
3.1.3-r0
fixed in 3.1.4-r4
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libssl3
3.1.3-r0
fixed in 3.1.6-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libcrypto3
3.1.3-r0
fixed in 3.1.6-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741MEDIUM5.6
libssl3
3.1.3-r0
fixed in 3.1.6-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2024-0727MEDIUM5.5
libcrypto3
3.1.3-r0
fixed in 3.1.4-r5
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-0727MEDIUM5.5
libssl3
3.1.3-r0
fixed in 3.1.4-r5
3.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-34459MEDIUM5.5
libxml2
2.11.4-r0
fixed in 2.11.8-r0
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libcrypto3
3.1.3-r0
fixed in 3.1.4-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libcrypto3
3.1.3-r0
fixed in 3.1.5-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2023-5678MEDIUM5.3
libssl3
3.1.3-r0
fixed in 3.1.4-r1
4.5%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libssl3
3.1.3-r0
fixed in 3.1.5-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-24928MEDIUM5.23
libxml2
2.11.4-r0
fixed in 2.11.8-r1
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-32415MEDIUM5.1
libxml2
2.11.4-r0
fixed in 2.11.8-r3
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-2511MEDIUM4.81
libcrypto3
3.1.3-r0
fixed in 3.1.4-r6
54.0%
Actively Exploited
Directly Exposed
CVE-2024-2511MEDIUM4.81
libssl3
3.1.3-r0
fixed in 3.1.4-r6
54.0%
Actively Exploited
Directly Exposed
CVE-2023-49582MEDIUM4.67
apr
1.7.4-r0
fixed in 1.7.5-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2023-52426MEDIUM4.67
libexpat
2.5.0-r1
fixed in 2.6.0-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2023-38545MEDIUM4.58
libcurl
8.3.0-r0
fixed in 8.4.0-r0
78.5%
Actively Exploited
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.1.3-r0
fixed in 3.1.8-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.1.3-r0
fixed in 3.1.8-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2023-47038LOW3.98
perl
5.36.1-r2
fixed in 5.36.2-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2024-56406LOW3.72
perl
5.36.1-r2
fixed in 5.36.2-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2024-9143LOW3.7
libcrypto3
3.1.3-r0
fixed in 3.1.7-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-9143LOW3.7
libssl3
3.1.3-r0
fixed in 3.1.7-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-6119LOW3.51
libcrypto3
3.1.3-r0
fixed in 3.1.7-r0
66.6%
Actively Exploited
Post-Exploit
CVE-2024-6119LOW3.51
libssl3
3.1.3-r0
fixed in 3.1.7-r0
66.6%
Actively Exploited
Post-Exploit
CVE-2024-0853LOW3.18
libcurl
8.3.0-r0
fixed in 8.6.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-2466LOW3.18
libcurl
8.3.0-r0
fixed in 8.7.1-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-2004LOW3.18
libcurl
8.3.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2024-2398LOW3.1
libcurl
8.3.0-r0
fixed in 8.7.1-r0
36.1%
High Exploitation Risk
Post-Exploit
CVE-2023-42363LOW2.8
busybox
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox
1.36.1-r2
fixed in 1.36.1-r6
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
busybox-binsh
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox-binsh
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox-binsh
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox-binsh
1.36.1-r2
fixed in 1.36.1-r6
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
ssl_client
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
ssl_client
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
ssl_client
1.36.1-r2
fixed in 1.36.1-r7
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
ssl_client
1.36.1-r2
fixed in 1.36.1-r6
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-5363LOW2.7
libcrypto3
3.1.3-r0
fixed in 3.1.4-r0
3.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-6197LOW2.7
libcurl
8.3.0-r0
fixed in 8.9.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2023-5363LOW2.7
libssl3
3.1.3-r0
fixed in 3.1.4-r0
3.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-7264LOW2.69
libcurl
8.3.0-r0
fixed in 8.9.1-r0
17.3%
High Exploitation Risk
Post-Exploit
CVE-2025-0665LOW2.4
libcurl
8.3.0-r0
fixed in 8.12.0-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-0725LOW2.4
libcurl
8.3.0-r0
fixed in 8.12.0-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2023-6129LOW2.34
libcrypto3
3.1.3-r0
fixed in 3.1.4-r3
2.3%
Low-Moderate Risk
Post-Exploit
CVE-2023-46218LOW2.34
libcurl
8.3.0-r0
fixed in 8.5.0-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2024-9681LOW2.34
libcurl
8.3.0-r0
fixed in 8.11.0-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2023-6129LOW2.34
libssl3
3.1.3-r0
fixed in 3.1.4-r3
2.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-32414LOW2.29
libxml2
2.11.4-r0
fixed in 2.11.8-r3
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-31115LOW2.29
xz-libs
5.4.3-r0
fixed in 5.4.3-r1
0.6%
Theoretical Threat
Post-Exploit
CVE-2023-38546LOW2.22
libcurl
8.3.0-r0
fixed in 8.4.0-r0
6.2%
Low-Moderate Risk
Post-Exploit
CVE-2024-6874LOW2.19
libcurl
8.3.0-r0
fixed in 8.9.0-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2024-11053LOW2.12
libcurl
8.3.0-r0
fixed in 8.11.1-r0
1.4%
Low-Moderate Risk
Post-Exploit
CVE-2024-8096LOW1.99
libcurl
8.3.0-r0
fixed in 8.10.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2024-2379LOW1.94
libcurl
8.3.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2023-46219LOW1.91
libcurl
8.3.0-r0
fixed in 8.5.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2025-26519NONE0
musl-utils
1.2.4-r1
fixed in 1.2.4-r3
0.3%
Theoretical Threat
Not Applicable
CVE-2025-0167NONE0
libcurl
8.3.0-r0
fixed in 8.12.0-r0
0.7%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.