Apache Httpd 2.4

hardened latest

Full version: 2.4 Analyzed: 2026-02-10

Size Reduction -27% 120.2 MB to 152.7 MB (-32.5 MB saved)

Component Reduction 68% 112 to 36 packages (76 removed)

Vulnerability Reduction 97% 32 to 1 vulnerabilities (31 eliminated)

Image Comparison

Property	upstream	hardened
Image	docker.io/library/httpd:2.4	ghcr.io/armorred/apache-httpd:2.4-hardened
Size	120.2 MB	152.7 MB
Layers	6	38
Components	112	36
Vulnerabilities	32	1
Runtime User	root	65534

Vulnerability Analysis

upstream 32 total

1critical

7high

19medium

4low

hardened 1 total

1high

Upstream vulnerability details (32)

CVE ID	Severity	Package	Version	Fixed In
DEBIAN-CVE-2011-3374	low	apt	3.0.3	unfixed
DEBIAN-CVE-2022-3715	high	bash	5.2.37-2+b7	5.2-1
DEBIAN-CVE-2016-2781	medium	coreutils	9.7-3	9.4-1
DEBIAN-CVE-2017-18018	medium	coreutils	9.7-3	unfixed
DEBIAN-CVE-2025-5278	medium	coreutils	9.7-3	unfixed
DEBIAN-CVE-2025-6297	high	dpkg	1.22.21	1.22.21
DEBIAN-CVE-2025-13151	high	libtasn1-6	4.20.0-2	4.21.0-2
DEBIAN-CVE-2025-8732	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2025-9714	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	2.9.10+dfsg-6.7+deb11u9
DEBIAN-CVE-2026-0989	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-0990	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-0992	low	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2026-1757	medium	libxml2	2.12.7+dfsg+really2.9.14-2.1+deb13u2	unfixed
DEBIAN-CVE-2025-11187	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-15467	critical	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-15468	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-15469	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-27587	medium	openssl	3.5.4-1~deb13u2	3.5.0-1
DEBIAN-CVE-2025-66199	medium	openssl	3.5.4-1~deb13u2	3.5.4-1~deb13u2
DEBIAN-CVE-2025-68160	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69418	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69419	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69420	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-69421	high	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2025-9230	high	openssl	3.5.4-1~deb13u2	1.1.1w-0+deb11u4
DEBIAN-CVE-2025-9231	medium	openssl	3.5.4-1~deb13u2	3.5.1-1+deb13u1
DEBIAN-CVE-2025-9232	medium	openssl	3.5.4-1~deb13u2	3.0.17-1~deb12u3
DEBIAN-CVE-2026-22795	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2026-22796	medium	openssl	3.5.4-1~deb13u2	3.0.18-1~deb12u2
DEBIAN-CVE-2005-2541	unknown	tar	1.35+dfsg-3.1	unfixed
DEBIAN-CVE-2022-0563	medium	util-linux	2.41-5	unfixed
DEBIAN-CVE-2025-14104	medium	util-linux	2.41-5	2.41.3-1

Hardened vulnerability details (1)

CVE ID	Severity	Package	Version	Fixed In
OSV-2021-777	high	libxml2	2.13.8	unfixed

Software Bill of Materials

upstream components (112)

adduser 3.152
apt 3.0.3
base-files 13.8+deb13u3
base-passwd 3.6.7
bash 5.2.37-2+b7
bsdutils 1:2.41-5
ca-certificates 20250419
coreutils 9.7-3
dash 0.5.12-12
debconf 1.5.91
debian-archive-keyring 2025.1
debianutils 5.23.2
diffutils 1:3.10-4
dpkg 1.22.21
findutils 4.10.0-3
gcc-14-base 14.2.0-19
grep 3.11-4
gzip 1.13-1
hostname 3.25
init-system-helpers 1.69~deb13u1
libacl1 2.3.2-2+b1
libapr1t64 1.7.5-1
libaprutil1-ldap 1.6.3-3+b1
libaprutil1t64 1.6.3-3+b1
libapt-pkg7.0 3.0.3
libattr1 1:2.5.2-3
libaudit-common 1:4.0.2-2
libaudit1 1:4.0.2-2+b2
libblkid1 2.41-5
libbrotli1 1.1.0-2+b7
libbsd0 0.12.2-2
libbz2-1.0 1.0.8-6
libc-bin 2.41-12+deb13u1
libc6 2.41-12+deb13u1
libcap-ng0 0.8.5-4+b1
libcap2 1:2.75-10+b3
libcom-err2 1.47.2-3+b7
libcrypt1 1:4.4.38-1
libcurl4t64 8.14.1-2+deb13u2
libdb5.3t64 5.3.28+dfsg2-9
libdebconfclient0 0.280
libexpat1 2.7.1-2
libffi8 3.4.8-2
libgcc-s1 14.2.0-19
libgdbm6t64 1.24-2
libgmp10 2:6.3.0+dfsg-3
libgnutls30t64 3.8.9-3+deb13u1
libgssapi-krb5-2 1.21.3-5
libhogweed6t64 3.10.1-1
libidn2-0 2.3.8-2
libjansson4 2.14-2+b3
libk5crypto3 1.21.3-5
libkeyutils1 1.6.3-6
libkrb5-3 1.21.3-5
libkrb5support0 1.21.3-5
liblastlog2-2 2.41-5
libldap-common 2.6.10+dfsg-1
libldap2 2.6.10+dfsg-1
liblua5.2-0 5.2.4-3+b3
liblz4-1 1.10.0-4
liblzma5 5.8.1-1
libmd0 1.1.0-2+b1
libmount1 2.41-5
libnettle8t64 3.10.1-1
libnghttp2-14 1.64.0-1.1
libnghttp3-9 1.8.0-1
libp11-kit0 0.25.5-3
libpam-modules 1.7.0-5
libpam-modules-bin 1.7.0-5
libpam-runtime 1.7.0-5
libpam0g 1.7.0-5
libpcre2-8-0 10.46-1~deb13u1
libpsl5t64 0.21.2-1.1+b1
librtmp1 2.4+20151223.gitfa8646d.1-2+b5
libsasl2-2 2.1.28+dfsg1-9
libsasl2-modules-db 2.1.28+dfsg1-9
libseccomp2 2.6.0-2
libselinux1 3.8.1-1
libsemanage-common 3.8.1-1
libsemanage2 3.8.1-1
libsepol2 3.8.1-1
libsmartcols1 2.41-5
libsqlite3-0 3.46.1-7
libssh2-1t64 1.11.1-1
libssl3t64 3.5.4-1~deb13u2
libstdc++6 14.2.0-19
libsystemd0 257.9-1~deb13u1
libtasn1-6 4.20.0-2
libtinfo6 6.5+20250216-2
libudev1 257.9-1~deb13u1
libunistring5 1.3-2
libuuid1 2.41-5
libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
libxxhash0 0.8.3-2
libzstd1 1.5.7+dfsg-1
login 1:4.16.0-2+really2.41-5
login.defs 1:4.17.4-2
mawk 1.3.4.20250131-1
mount 2.41-5
ncurses-base 6.5+20250216-2
ncurses-bin 6.5+20250216-2
openssl 3.5.4-1~deb13u2
openssl-provider-legacy 3.5.4-1~deb13u2
passwd 1:4.17.4-2
perl-base 5.40.1-6
sed 4.9-2
sqv 1.3.0-3+b2
sysvinit-utils 3.14-4
tar 1.35+dfsg-3.1
tzdata 2025b-4+deb13u1
util-linux 2.41-5
zlib1g 1:1.3.dfsg+really1.3.1-1+b1

hardened components (36)

acl 2.3.2
apache-httpd 2.4.62
apr 1.7.5
apr-util 1.6.3
attr 2.5.2
bash 5.2p37
brotli 1.1.0
bzip2 1.0.8
bzip2 1.0.8
coreutils 9.5
cyrus-sasl 2.1.28
db 5.3.28
expat 2.7.1
gcc 13.3.0
gcc 13.3.0
glibc 2.40-66
gmp-with-cxx 6.3.0
gnutar 1.35
gzip 1.13
keyutils 1.6.3
krb5 1.21.3
libidn2 2.3.7
libsodium 1.0.20
libtool 2.4.7
libunistring 1.2
libxcrypt 4.4.36
libxml2 2.13.8
lynx 2.9.0
ncurses 6.4.20221231
nghttp2 1.64.0
openldap 2.6.9
openssl 3.3.3
pcre2 10.44
perl 5.40.0
xgcc 13.3.0
zlib 1.3.1

Download SBOMs

Upstream SBOM Hardened SBOM

Usage

$
podman pull ghcr.io/armorred/apache-httpd:2.4

Verify Signature

$
cosign verify --key https://armorred.org/cosign.pub ghcr.io/armorred/apache-httpd:2.4