Vulnerability Reporthttpd:2.4.65-alpine

httpd:2.4.65-alpine3.22httpd:2.4.65-alpine
DIGESTsha256:07b2fabb7029a0b8aeb2e0fd02651c28fe22c21c5b5a59d6ff5b022791fcd89e

Executive Summary

Last scanned:

Threat Score
80/100DANGEROUS
Reputation
TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could achieve remote code execution via CVE-2025-15467 if CMS parsing is enabled, or cause denial of service through vulnerabilities like CVE-2025-49796 (memory corruption in libxml2). Disabling CMS and PKCS#7 functionality across the container would fully mitigate the most severe risks. Note that many high-severity findings depend on non-default configurations or modules, but the overall exposed surface of 95 vulnerabilities remains unacceptable for production environments.

Vulnerabilities

Vulnerability Log

111 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-15467HIGH8
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
47.6%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-15467HIGH8
libssl3
3.5.4-r0
fixed in 3.5.5-r0
47.6%
High Exploitation Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-49796HIGH7.28
libxml2
2.13.8-r0
fixed in 2.13.9-r0
1.4%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-31789MEDIUM6.66
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-31789MEDIUM6.66
libssl3
3.5.4-r0
fixed in 3.5.6-r0
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-45447MEDIUM6.48
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-45447MEDIUM6.48
libssl3
3.5.4-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-69421MEDIUM6.38
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-45186MEDIUM6.38
libexpat
2.7.3-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69421MEDIUM6.38
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28389MEDIUM6.38
libssl3
3.5.4-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-28390MEDIUM6.38
libssl3
3.5.4-r0
fixed in 3.5.6-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM6.38
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-6732MEDIUM6.38
libxml2
2.13.8-r0
fixed in 2.13.9-r1
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-27135MEDIUM6.38
nghttp2-libs
1.65.0-r0
fixed in 1.68.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-69419MEDIUM6.29
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34182MEDIUM6.29
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-49794MEDIUM6.18
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33630MEDIUM6
c-ares
1.34.5-r0
fixed in 1.34.8-r0
Directly ExposedContext importance: MEDIUM
CVE-2026-28388MEDIUM6
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-28388MEDIUM6
libssl3
3.5.4-r0
fixed in 3.5.6-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2025-6021MEDIUM6
libxml2
2.13.8-r0
fixed in 2.13.9-r0
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-56132MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-2673MEDIUM5.52
libssl3
3.5.4-r0
fixed in 3.5.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-11187MEDIUM5.18
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-11187MEDIUM5.18
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-49795MEDIUM5.1
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-62408MEDIUM5.02
c-ares
1.34.5-r0
fixed in 1.34.6-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-50219MEDIUM5.02
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.6-r0
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42764MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-15468MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2025-66199MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-69420MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-22796MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-42769MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-15469MEDIUM4.67
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32776MEDIUM4.67
libexpat
2.7.3-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-32777MEDIUM4.67
libexpat
2.7.3-r0
fixed in 2.7.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-32778MEDIUM4.67
libexpat
2.7.3-r0
fixed in 2.7.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-15469MEDIUM4.67
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-22795MEDIUM4.67
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-6042MEDIUM4.67
musl
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-27171MEDIUM4.67
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
xz-libs
5.8.1-r0
fixed in 5.8.3-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-68160MEDIUM4
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-40200LOW3.98
musl-utils
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-69418LOW3.4
libcrypto3
3.5.4-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2025-69418LOW3.4
libssl3
3.5.4-r0
fixed in 3.5.5-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.7.3-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-6042LOW2.8
musl-utils
1.2.5-r10
fixed in 1.2.5-r11
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libcrypto3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-45445LOW2.78
libssl3
3.5.4-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libcrypto3
3.5.4-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-28387LOW2.48
libssl3
3.5.4-r0
fixed in 3.5.6-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-25210LOW2.39
libexpat
2.7.3-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-40200LOW2.39
musl
1.2.5-r10
fixed in 1.2.5-r12
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-22184LOW2.39
zlib
1.3.1-r2
fixed in 1.3.2-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-24515LOW2.12
libexpat
2.7.3-r0
fixed in 2.7.4-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-6170LOW2.12
libxml2
2.13.8-r0
fixed in 2.13.9-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-5545LOW1.99
libcurl
8.14.1-r2
fixed in 8.14.1-r3
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox
1.37.0-r19
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
busybox-binsh
1.37.0-r19
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2025-46394LOW1.68
ssl_client
1.37.0-r19
fixed in 1.37.0-r20
0.1%
Theoretical Threat
Post-Exploit
CVE-2024-58251NONE0
busybox
1.37.0-r19
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
busybox-binsh
1.37.0-r19
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable
CVE-2026-56131NONE0
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.7.3-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.7.3-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable
CVE-2024-58251NONE0
ssl_client
1.37.0-r19
fixed in 1.37.0-r20
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.