Vulnerability Reporthttpd:2.4.59-alpine

httpd:2.4.59-alpine3.20httpd:2.4.59-alpine
DIGESTsha256:f32374473ef537ea79cb0d17cb5003c9f10c6b4bc885d0affcb5c37d63e3a3d3

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could trigger denial of service via crafted XML inputs (CVE-2024-45490, CVE-2024-8176) or potentially execute code if the container runs on a 32-bit platform (CVE-2024-45491). Disabling XML processing modules (e.g., mod_xml2enc) would fully eliminate the most critical expat vulnerabilities. Note that the highest-severity findings in libexpat depend on the container being 32-bit, which is not confirmed.

Vulnerabilities

Vulnerability Log

98 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-45491HIGH7.84
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45492HIGH7.84
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-45490HIGH7.5
libexpat
2.6.2-r0
fixed in 2.6.3-r0
1.7%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2024-8176HIGH7.5
libexpat
2.6.2-r0
fixed in 2.7.0-r0
1.6%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2025-69421MEDIUM6.38
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.6.2-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.3.1-r0
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.1-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.1-r0
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-32414MEDIUM6.38
libxml2
2.12.7-r0
fixed in 2.12.10-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-32415MEDIUM6.38
libxml2
2.12.7-r0
fixed in 2.12.10-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-31115MEDIUM6.38
xz-libs
5.6.1-r3
fixed in 5.6.2-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-27113MEDIUM6
libxml2
2.12.7-r0
fixed in 2.12.7-r2
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.1-r0
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libcrypto3
3.3.1-r0
fixed in 3.3.1-r1
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2024-50602MEDIUM5.9
libexpat
2.6.2-r0
fixed in 2.6.4-r0
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.1-r0
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2024-5535MEDIUM5.9
libssl3
3.3.1-r0
fixed in 3.3.1-r1
5.6%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.1-r0
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.1-r0
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-59375MEDIUM5.3
libexpat
2.6.2-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2025-24928MEDIUM5.23
libxml2
2.12.7-r0
fixed in 2.12.7-r1
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.1-r0
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2023-49582MEDIUM4.67
apr
1.7.4-r0
fixed in 1.7.5-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.6.2-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.6.2-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.6.2-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.6.1-r3
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.1-r0
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.3.1-r0
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.1-r0
fixed in 3.3.2-r2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-56406LOW3.72
perl
5.38.2-r0
fixed in 5.38.3-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2024-9143LOW3.7
libcrypto3
3.3.1-r0
fixed in 3.3.2-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2024-9143LOW3.7
libssl3
3.3.1-r0
fixed in 3.3.2-r1
6.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-26519LOW3.57
musl-utils
1.2.5-r0
fixed in 1.2.5-r1
0.3%
Theoretical Threat
Post-Exploit
CVE-2024-56171LOW3.53
libxml2
2.12.7-r0
fixed in 2.12.7-r1
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2024-6119LOW3.51
libcrypto3
3.3.1-r0
fixed in 3.3.2-r0
66.6%
Actively Exploited
Post-Exploit
CVE-2024-6119LOW3.51
libssl3
3.3.1-r0
fixed in 3.3.2-r0
66.6%
Actively Exploited
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.3.1-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.1-r0
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.6.2-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.1-r0
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.1-r0
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-31789LOW3
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.3.1-r0
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r0
fixed in 1.2.5-r2
0.2%
Theoretical Threat
Post-Exploit
CVE-2024-6197LOW2.7
libcurl
8.7.1-r0
fixed in 8.9.0-r0
4.3%
Low-Moderate Risk
Post-Exploit
CVE-2024-7264LOW2.69
libcurl
8.7.1-r0
fixed in 8.9.1-r0
17.3%
High Exploitation Risk
Post-Exploit
CVE-2024-12797LOW2.66
libcrypto3
3.3.1-r0
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2024-12797LOW2.66
libssl3
3.3.1-r0
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Post-Exploit
CVE-2025-5399LOW2.58
libcurl
8.7.1-r0
fixed in 8.14.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.3.1-r0
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.3.1-r0
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-5025LOW2.45
libcurl
8.7.1-r0
fixed in 8.14.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-10148LOW2.45
libcurl
8.7.1-r0
fixed in 8.14.1-r2
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-0665LOW2.4
libcurl
8.7.1-r0
fixed in 8.12.0-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-0725LOW2.4
libcurl
8.7.1-r0
fixed in 8.12.0-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-25210LOW2.39
libexpat
2.6.2-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r0
fixed in 1.2.5-r3
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r1
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-9681LOW2.34
libcurl
8.7.1-r0
fixed in 8.11.0-r0
2.0%
Low-Moderate Risk
Post-Exploit
CVE-2024-6874LOW2.19
libcurl
8.7.1-r0
fixed in 8.9.0-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2024-11053LOW2.12
libcurl
8.7.1-r0
fixed in 8.11.1-r0
1.4%
Low-Moderate Risk
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.6.2-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-8096LOW1.99
libcurl
8.7.1-r0
fixed in 8.10.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2025-4947LOW1.99
libcurl
8.7.1-r0
fixed in 8.14.0-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-9086LOW1.91
libcurl
8.7.1-r0
fixed in 8.14.1-r2
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-46394LOW1.68
busybox
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.36.1-r29
fixed in 1.36.1-r31
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable
CVE-2025-0167NONE0
libcurl
8.7.1-r0
fixed in 8.12.0-r0
0.7%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.36.1-r29
fixed in 1.36.1-r31
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.