Vulnerability Reporthttpd:2.4.67-alpine

httpd:2.4.67-alpine3.23httpd:2.4.67-alpine
DIGESTsha256:0136c2d4462f3b8ecc92bea70efdfef4d06523999ae8d7aa533969dea6db4576

Executive Summary

Last scanned:

Threat Score
27/100NEEDS ATTENTION
Reputation
TRUSTED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The image contains 46 exposed vulnerabilities, though the most severe (CVE-2026-45447, CVSS 6.48) only applies if the server processes PKCS#7/SMIME signed messages (non-default). Similarly, CVE-2026-45445 (CVSS 6.18) affects only applications using the rare AES-OCB one-shot API. The 16 post-exploit findings are all low severity (max 3.6) and do not increase risk. As an official Docker image, it is trusted, but updating to a patched version will eliminate these OpenSSL issues.

Vulnerabilities

Vulnerability Log

62 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-45447MEDIUM6.48
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-45447MEDIUM6.48
libssl3
3.5.6-r0
fixed in 3.5.7-r0
2.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-45445MEDIUM6.18
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-45445MEDIUM6.18
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-56132MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56403MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56404MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56405MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56406MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56410MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-56411MEDIUM5.87
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34181MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42768MEDIUM5.35
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-34183MEDIUM5.1
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-45186MEDIUM5.1
libexpat
2.7.5-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-34183MEDIUM5.1
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-6732MEDIUM5.1
libxml2
2.13.9-r0
fixed in 2.13.9-r1
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-50219MEDIUM5.02
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-56412MEDIUM5.02
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-34182LOW3.77
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-34182LOW3.77
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-33630LOW3.6
c-ares
1.34.6-r0
fixed in 1.34.8-r0
Post-ExploitContext importance: MEDIUM
CVE-2026-45446LOW3.15
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-41080LOW3.15
libexpat
2.7.5-r0
fixed in 2.8.1-r0
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-42764LOW3.01
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769LOW3.01
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770LOW3.01
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076LOW3.01
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42764LOW3.01
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-42769LOW3.01
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42770LOW3.01
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076LOW3.01
libssl3
3.5.6-r0
fixed in 3.5.7-r0
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-3783LOW2.91
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-42766LOW2.7
libcrypto3
3.5.6-r0
fixed in 3.5.7-r0
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-4873LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-6253LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-7009LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-7168LOW2.7
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-14017LOW2.45
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-5773LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2026-6276LOW2.29
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-1965LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2025-14819LOW2.08
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-3784LOW1.99
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.3%
Theoretical Threat
Post-Exploit
CVE-2026-5545LOW1.99
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-6429LOW1.99
libcurl
8.17.0-r1
fixed in 8.20.0-r0
0.5%
Theoretical Threat
Post-Exploit
CVE-2025-14524LOW1.99
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-3805LOW1.93
libcurl
8.17.0-r1
fixed in 8.19.0-r0
0.7%
Theoretical Threat
Post-Exploit
CVE-2026-56131NONE0
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56407NONE0
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56408NONE0
libexpat
2.7.5-r0
fixed in 2.8.2-r0
0.1%
Theoretical Threat
Not Applicable
CVE-2026-56409NONE0
libexpat
2.7.5-r0
fixed in 2.8.2-r0
<0.1%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.