Vulnerability Reporthttpd:2.4.58-alpine

httpd:2.4.58-alpine3.19httpd:2.4.58-alpine
DIGESTsha256:92535cf7f151901ba91b04186292c3bd5bf82aa6ffa6eb7bc405fefbffedd480

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. It contains 34 known vulnerabilities, including 3 with severity above 7.0 (e.g., CVE-2024-56171 and CVE-2024-6119). These require non-default configurations to exploit, such as XML schema validation or client certificate name checks, so default httpd setups are less exposed. Additional moderate-severity issues (severity ≥6.0) affect XML parsing and could cause denial of service if relevant modules are enabled. Disabling unnecessary modules and implementing network segmentation would reduce risk. No post-exploit vulnerabilities were detected.

Vulnerabilities

Vulnerability Log

77 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-56171HIGH7.84
libxml2
2.11.7-r0
fixed in 2.11.8-r1
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-6119HIGH7.8
libcrypto3
3.1.4-r5
fixed in 3.1.7-r0
66.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2024-6119HIGH7.8
libssl3
3.1.4-r5
fixed in 3.1.7-r0
66.6%
Actively Exploited
Directly ExposedContext importance: MEDIUM
CVE-2024-45490MEDIUM6
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-8176MEDIUM6
libexpat
2.6.2-r0
fixed in 2.7.0-r0
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-27113MEDIUM6
libxml2
2.11.7-r0
fixed in 2.11.8-r2
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-26519MEDIUM5.95
musl
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r5
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-45491MEDIUM5.88
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2024-45492MEDIUM5.88
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.4%
Low-Moderate Risk
Directly Exposed
CVE-2024-34459MEDIUM5.5
libxml2
2.11.7-r0
fixed in 2.11.8-r0
2.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libcrypto3
3.1.4-r5
fixed in 3.1.5-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-59375MEDIUM5.3
libexpat
2.6.2-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2024-4603MEDIUM5.3
libssl3
3.1.4-r5
fixed in 3.1.5-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2025-24928MEDIUM5.23
libxml2
2.11.7-r0
fixed in 2.11.8-r1
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-32415MEDIUM5.1
libxml2
2.11.7-r0
fixed in 2.11.8-r3
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-31115MEDIUM5.1
xz-libs
5.4.5-r0
fixed in 5.4.5-r1
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-2511MEDIUM4.81
libcrypto3
3.1.4-r5
fixed in 3.1.4-r6
54.0%
Actively Exploited
Directly Exposed
CVE-2024-2511MEDIUM4.81
libssl3
3.1.4-r5
fixed in 3.1.4-r6
54.0%
Actively Exploited
Directly Exposed
CVE-2023-49582MEDIUM4.67
apr
1.7.4-r0
fixed in 1.7.5-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-25629MEDIUM4.67
c-ares
1.24.0-r1
fixed in 1.27.0-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r6
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libcrypto3
3.1.4-r5
fixed in 3.1.8-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.1.4-r5
fixed in 3.1.8-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r6
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-56406LOW3.72
perl
5.38.2-r0
fixed in 5.38.3-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2024-9143LOW3.7
libcrypto3
3.1.4-r5
fixed in 3.1.7-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-9143LOW3.7
libssl3
3.1.4-r5
fixed in 3.1.7-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-26519LOW3.57
musl-utils
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r5
0.3%
Theoretical Threat
Post-Exploit
CVE-2024-5535LOW3.54
libcrypto3
3.1.4-r5
fixed in 3.1.6-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-50602LOW3.54
libexpat
2.6.2-r0
fixed in 2.6.4-r0
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535LOW3.54
libssl3
3.1.4-r5
fixed in 3.1.6-r0
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230LOW3.36
libcrypto3
3.1.4-r5
fixed in 3.1.8-r1
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741LOW3.36
libcrypto3
3.1.4-r5
fixed in 3.1.6-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230LOW3.36
libssl3
3.1.4-r5
fixed in 3.1.8-r1
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2024-4741LOW3.36
libssl3
3.1.4-r5
fixed in 3.1.6-r0
2.9%
Low-Moderate Risk
Directly Exposed
CVE-2025-9086LOW3.18
libcurl
8.5.0-r0
fixed in 8.14.1-r2
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-2004LOW3.18
libcurl
8.5.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2024-2398LOW3.1
libcurl
8.5.0-r0
fixed in 8.7.1-r0
36.1%
High Exploitation Risk
Post-Exploit
CVE-2025-9232LOW3.1
libcrypto3
3.1.4-r5
fixed in 3.1.8-r1
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.1.4-r5
fixed in 3.1.8-r1
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2023-42363LOW2.8
busybox
1.36.1-r15
fixed in 1.36.1-r17
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox
1.36.1-r15
fixed in 1.36.1-r16
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r17
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r16
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r6
0.2%
Theoretical Threat
Post-Exploit
CVE-2023-42363LOW2.8
ssl_client
1.36.1-r15
fixed in 1.36.1-r17
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42364LOW2.8
ssl_client
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42365LOW2.8
ssl_client
1.36.1-r15
fixed in 1.36.1-r19
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-42366LOW2.8
ssl_client
1.36.1-r15
fixed in 1.36.1-r16
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-6197LOW2.7
libcurl
8.5.0-r0
fixed in 8.9.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-7264LOW2.69
libcurl
8.5.0-r0
fixed in 8.9.1-r0
17.3%
High Exploitation Risk
Post-Exploit
CVE-2025-5399LOW2.58
libcurl
8.5.0-r0
fixed in 8.14.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-5025LOW2.45
libcurl
8.5.0-r0
fixed in 8.14.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-10148LOW2.45
libcurl
8.5.0-r0
fixed in 8.14.1-r2
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-0665LOW2.4
libcurl
8.5.0-r0
fixed in 8.12.0-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-0725LOW2.4
libcurl
8.5.0-r0
fixed in 8.12.0-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.4_git20230717-r4
fixed in 1.2.4_git20230717-r6
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-9681LOW2.34
libcurl
8.5.0-r0
fixed in 8.11.0-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2025-32414LOW2.29
libxml2
2.11.7-r0
fixed in 2.11.8-r3
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-6874LOW2.19
libcurl
8.5.0-r0
fixed in 8.9.0-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2024-11053LOW2.12
libcurl
8.5.0-r0
fixed in 8.11.1-r0
1.4%
Low-Moderate Risk
Post-Exploit
CVE-2024-8096LOW1.99
libcurl
8.5.0-r0
fixed in 8.10.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-4947LOW1.99
libcurl
8.5.0-r0
fixed in 8.14.0-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2024-2379LOW1.94
libcurl
8.5.0-r0
fixed in 8.7.1-r0
1.7%
Low-Moderate Risk
Post-Exploit
CVE-2024-0853LOW1.91
libcurl
8.5.0-r0
fixed in 8.6.0-r0
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-2466LOW1.91
libcurl
8.5.0-r0
fixed in 8.7.1-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-46394LOW1.68
busybox
1.36.1-r15
fixed in 1.36.1-r21
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r21
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.36.1-r15
fixed in 1.36.1-r21
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.36.1-r15
fixed in 1.36.1-r21
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.36.1-r15
fixed in 1.36.1-r21
0.2%
Theoretical Threat
Not Applicable
CVE-2025-0167NONE0
libcurl
8.5.0-r0
fixed in 8.12.0-r0
0.7%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.36.1-r15
fixed in 1.36.1-r21
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.