Vulnerability Reporthttpd:2.4.63-alpine

httpd:2.4.63-alpine3.22httpd:2.4.63-alpine
DIGESTsha256:cc34b8bdde6ee55ea52db9819baa13ea36e4c7447eb7595db9ea720d1831851e

Executive Summary

Last scanned:

Threat Score
74/100CAUTION
Reputation
TRUSTED

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could cause denial of service or memory corruption via crafted XML input, exploiting vulnerabilities in libxml2 and libexpat that are reachable over HTTP. Disabling mod_dav (if not required) fully eliminates the attack vector for these XML-based vulnerabilities. Note that CVE-2026-28388 requires a non-default flag (X509_V_FLAG_USE_DELTAS) to be exploitable, reducing its practical risk.

Vulnerabilities

Vulnerability Log

123 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-49796CRITICAL9.1
libxml2
2.13.8-r0
fixed in 2.13.9-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: HIGH
CVE-2025-49794HIGH7.73
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.7%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2025-6021HIGH7.5
libxml2
2.13.8-r0
fixed in 2.13.9-r0
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-25210MEDIUM6.63
libexpat
2.7.1-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-28388MEDIUM6.38
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.7.1-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-28388MEDIUM6.38
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-49795MEDIUM6.38
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.5%
Theoretical Threat
Directly ExposedContext importance: HIGH
CVE-2026-6732MEDIUM6.38
libxml2
2.13.8-r0
fixed in 2.13.9-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
nghttp2-libs
1.65.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33630MEDIUM6
c-ares
1.34.5-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2025-9231MEDIUM5.9
libcrypto3
3.5.0-r0
fixed in 3.5.4-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2025-9231MEDIUM5.9
libssl3
3.5.0-r0
fixed in 3.5.4-r0
2.2%
Low-Moderate Risk
Directly Exposed
CVE-2026-56132MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-9230MEDIUM5.6
libcrypto3
3.5.0-r0
fixed in 3.5.4-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2025-9230MEDIUM5.6
libssl3
3.5.0-r0
fixed in 3.5.4-r0
1.7%
Low-Moderate Risk
Directly Exposed
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-59375MEDIUM5.3
libexpat
2.7.1-r0
fixed in 2.7.2-r0
1.3%
Low-Moderate Risk
Directly Exposed
CVE-2025-11187MEDIUM5.18
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-11187MEDIUM5.18
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-62408MEDIUM5.02
c-ares
1.34.5-r0
fixed in 1.34.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50219MEDIUM5.02
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-15469MEDIUM4.67
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.7.1-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.7.1-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.7.1-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15469MEDIUM4.67
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.8.1-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-15467MEDIUM4.06
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-15467MEDIUM4.06
libssl3
3.5.0-r0
fixed in 3.5.5-r0
47.6%
High Exploitation Risk
Post-Exploit
CVE-2025-68160MEDIUM4
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.7.1-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-9232LOW3.1
libcrypto3
3.5.0-r0
fixed in 3.5.4-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-9232LOW3.1
libssl3
3.5.0-r0
fixed in 3.5.4-r0
2.0%
Low-Moderate Risk
Directly Exposed
CVE-2026-31789LOW3
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-31789LOW3
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45447LOW2.92
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45447LOW2.92
libssl3
3.5.0-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.0-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-5399LOW2.58
libcurl
8.14.0-r2
fixed in 8.14.1-r0
1.2%
Low-Moderate Risk
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.5.0-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.5.0-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-10148LOW2.45
libcurl
8.14.0-r2
fixed in 8.14.1-r2
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libcrypto3
3.5.0-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2025-69421LOW2.29
libssl3
3.5.0-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.7.1-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-6170LOW2.12
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-5545LOW1.99
libcurl
8.14.0-r2
fixed in 8.14.1-r3
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-9086LOW1.91
libcurl
8.14.0-r2
fixed in 8.14.1-r2
1.3%
Low-Moderate Risk
Post-Exploit
CVE-2025-46394LOW1.68
busybox
1.37.0-r18
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r18
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r18
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-40200NONE0
musl-utils
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Not Applicable
CVE-2026-6042NONE0
musl-utils
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox
1.37.0-r18
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r18
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable
CVE-2025-4575NONE0
libcrypto3
3.5.0-r0
fixed in 3.5.1-r0
0.3%
Theoretical Threat
Not Applicable
CVE-2026-56131NONE0
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.7.1-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.7.1-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable
CVE-2025-4575NONE0
libssl3
3.5.0-r0
fixed in 3.5.1-r0
0.3%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r18
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.