Vulnerability Reporthttpd:2.4.62-alpine

httpd:2.4.62-alpine3.21httpd:2.4.62-alpine
DIGESTsha256:88c55a4fcc1df6cf9e7b38360fb6a6feb4d5c5cf5a27a9ff38096ae585af707f

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. The highest-severity vulnerabilities (CVE-2024-56171 and CVE-2025-49796) could allow remote code execution or denial of service if the server is configured to process untrusted XML (e.g., via WebDAV or schematron). However, these require non-default modules to be enabled; a standard Apache httpd deployment is not affected. Disabling unused XML-related modules (e.g., mod_dav, mod_schematron) fully eliminates these risks. The remaining OpenSSL CVEs only cause denial of service under very specific conditions and have low practical impact. Despite the high trust score, the large number of exposed vulnerabilities warrants caution.

Vulnerabilities

Vulnerability Log

104 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2024-56171HIGH7.84
libxml2
2.13.4-r3
fixed in 2.13.4-r4
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-49796HIGH7.28
libxml2
2.13.4-r3
fixed in 2.13.9-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-69421MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.6.4-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-32414MEDIUM6.38
libxml2
2.13.4-r3
fixed in 2.13.4-r6
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-32415MEDIUM6.38
libxml2
2.13.4-r3
fixed in 2.13.4-r6
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-49795MEDIUM6.38
libxml2
2.13.4-r3
fixed in 2.13.9-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-6732MEDIUM6.38
libxml2
2.13.4-r3
fixed in 2.13.9-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
nghttp2-libs
1.64.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-49794MEDIUM6.18
libxml2
2.13.4-r3
fixed in 2.13.9-r0
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33630MEDIUM6
c-ares
1.34.3-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2024-8176MEDIUM6
libexpat
2.6.4-r0
fixed in 2.7.0-r0
1.6%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-27113MEDIUM6
libxml2
2.13.4-r3
fixed in 2.13.4-r5
1.0%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-6021MEDIUM6
libxml2
2.13.4-r3
fixed in 2.13.9-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-31498MEDIUM5.95
c-ares
1.34.3-r0
fixed in 1.34.5-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-26519MEDIUM5.95
musl
1.2.5-r8
fixed in 1.2.5-r9
0.3%
Theoretical Threat
Directly Exposed
CVE-2024-12797MEDIUM5.92
libcrypto3
3.3.2-r4
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-12797MEDIUM5.92
libssl3
3.3.2-r4
fixed in 3.3.3-r0
2.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-9231MEDIUM5.9
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.3.2-r4
fixed in 3.3.5-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-56132MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.3.2-r4
fixed in 3.3.5-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2026-25210MEDIUM5.3
libexpat
2.6.4-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-59375MEDIUM5.3
libexpat
2.6.4-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2025-24928MEDIUM5.23
libxml2
2.13.4-r3
fixed in 2.13.4-r4
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-62408MEDIUM5.02
c-ares
1.34.3-r0
fixed in 1.34.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-50219MEDIUM5.02
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.7-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.6.4-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r8
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.6.3-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM4.13
libcrypto3
3.3.2-r4
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM4.13
libssl3
3.3.2-r4
fixed in 3.3.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.3.2-r4
fixed in 3.3.6-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2024-13176MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.2-r5
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-13176MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.2-r5
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl
1.2.5-r8
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-31115LOW3.83
xz-libs
5.6.3-r0
fixed in 5.6.3-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2024-56406LOW3.72
perl
5.40.0-r3
fixed in 5.40.1-r1
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.3.2-r4
fixed in 3.3.6-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.6.4-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.3.2-r4
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.3.2-r4
fixed in 3.3.5-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-5399LOW2.58
libcurl
8.11.1-r0
fixed in 8.14.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2025-5025LOW2.45
libcurl
8.11.1-r0
fixed in 8.14.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-10148LOW2.45
libcurl
8.11.1-r0
fixed in 8.14.1-r2
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-0665LOW2.4
libcurl
8.11.1-r0
fixed in 8.12.0-r0
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-0725LOW2.4
libcurl
8.11.1-r0
fixed in 8.12.0-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.6.4-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-6170LOW2.12
libxml2
2.13.4-r3
fixed in 2.13.9-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-4947LOW1.99
libcurl
8.11.1-r0
fixed in 8.14.0-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2025-9086LOW1.91
libcurl
8.11.1-r0
fixed in 8.14.1-r2
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-46394LOW1.68
busybox
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-40200NONE0
musl-utils
1.2.5-r8
fixed in 1.2.5-r11
0.1%
Theoretical Threat
Not Applicable
CVE-2025-26519NONE0
musl-utils
1.2.5-r8
fixed in 1.2.5-r9
0.3%
Theoretical Threat
Not Applicable
CVE-2026-6042NONE0
musl-utils
1.2.5-r8
fixed in 1.2.5-r10
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable
CVE-2025-0167NONE0
libcurl
8.11.1-r0
fixed in 8.12.0-r0
0.7%
Theoretical Threat
Not Applicable
CVE-2026-56131NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.6.4-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r9
fixed in 1.37.0-r14
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.