The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2022-0084

CVE-2022-0084: Redhat Integration Camel K DOS Vulnerability

CVE-2022-0084 is a denial of service flaw in Redhat Integration Camel K that enables attackers to cause log contention or disk exhaustion through malicious requests. This article covers technical details, impact, and mitigation.

Published: February 17, 2026

CVE-2022-0084 Overview

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.

This vulnerability is classified as Resource Exhaustion (CWE-770), which occurs when an application does not properly control the allocation and maintenance of a limited resource, allowing an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Critical Impact

Attackers can exploit this logging flaw to cause denial of service through disk exhaustion or severe performance degradation via log contention on systems running XNIO-based applications.

Affected Products

  • Red Hat XNIO
  • Red Hat Integration Camel K
  • Red Hat Integration Camel Quarkus
  • Red Hat Single Sign-On 7.0

Discovery Timeline

  • 2022-08-26 - CVE-2022-0084 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2022-0084

Vulnerability Analysis

The vulnerability exists within the XNIO library's notifyReadClosed method in the StreamConnection.java class. XNIO is a low-level I/O layer used by Red Hat's WildFly application server and other Java-based middleware products. The core issue stems from improper logging behavior where the method logs messages to an unintended destination.

When processing connection closure events, the notifyReadClosed method generates log entries that can be triggered by specially crafted network requests. An attacker can exploit this by sending malformed or rapid sequences of requests designed to trigger excessive logging. Since the logging operation lacks proper rate limiting or resource controls, this creates a resource exhaustion condition.

Root Cause

The root cause is classified under CWE-770: Allocation of Resources Without Limits or Throttling. The notifyReadClosed method in StreamConnection.java performs logging operations without adequate controls on:

  1. The volume of log messages that can be generated
  2. The rate at which logging can occur
  3. The total disk space that can be consumed by log files

The fix introduced proper logging controls through the org.jboss.logging.Logger class, as evidenced by the patch that adds the Logger import to handle logging operations more appropriately.

Attack Vector

The vulnerability is exploitable over the network without requiring authentication or user interaction. An attacker can target this flaw through the following approach:

  1. Identify a server running vulnerable XNIO-based applications (WildFly, JBoss, Camel, or Single Sign-On)
  2. Send crafted network requests designed to trigger connection closures that invoke the notifyReadClosed method
  3. Sustain the attack to continuously generate log entries
  4. The server's disk space becomes exhausted or logging contention degrades performance

The security patch addressed this issue by implementing proper logging controls in the StreamConnection.java file:

java
 import java.io.IOException;
 import java.util.concurrent.atomic.AtomicReference;
 
+import org.jboss.logging.Logger;
 import org.xnio.channels.CloseListenerSettable;
 import org.xnio.conduits.ConduitStreamSinkChannel;
 import org.xnio.conduits.ConduitStreamSourceChannel;

Source: GitHub XNIO Commit fdefb3b

Detection Methods for CVE-2022-0084

Indicators of Compromise

  • Rapid growth in application log file sizes without corresponding increase in legitimate traffic
  • Unusual disk I/O patterns related to logging operations on XNIO-based application servers
  • Performance degradation in WildFly, JBoss, or other XNIO-dependent services coinciding with network activity
  • High volume of connection closure events in server logs from external sources

Detection Strategies

  • Monitor disk space utilization on servers running XNIO-based applications for anomalous consumption patterns
  • Implement log file size monitoring and alerting thresholds for Java middleware applications
  • Deploy network traffic analysis to detect patterns consistent with log-flooding attacks targeting application servers
  • Review application logs for unusual connection termination patterns that may indicate exploitation attempts

Monitoring Recommendations

  • Configure disk space alerts at multiple thresholds (70%, 85%, 95%) for volumes containing application logs
  • Implement centralized log management to correlate logging anomalies across XNIO-based deployments
  • Monitor Java process CPU and I/O metrics for contention patterns indicative of logging bottlenecks
  • Establish baseline logging volumes to facilitate anomaly detection

How to Mitigate CVE-2022-0084

Immediate Actions Required

  • Update XNIO library to the patched version that includes commit fdefb3b8b715d33387cadc4d48991fb1989b0c12
  • Review and update all affected Red Hat products including Integration Camel K, Integration Camel Quarkus, and Single Sign-On 7.0
  • Implement log rotation policies to prevent complete disk exhaustion during potential attacks
  • Configure rate limiting on network endpoints to reduce attack surface

Patch Information

Red Hat has addressed this vulnerability through updates to the XNIO library. Organizations should apply the security patches available through Red Hat's official channels. The fix has been merged via GitHub XNIO Pull Request #291 and is available in the official commit.

For detailed patch information and affected versions, consult the Red Hat CVE-2022-0084 Advisory and Red Hat Bug Report #2064226.

Workarounds

  • Implement disk quotas for log directories to prevent complete disk exhaustion scenarios
  • Configure log rotation with size-based limits (e.g., maximum 100MB per log file, retain only 5 files)
  • Deploy network-level rate limiting to reduce the volume of potential malicious requests
  • Consider implementing a separate logging partition to isolate log storage from critical system functions
bash
# Example log rotation configuration for XNIO-based applications
# Add to /etc/logrotate.d/xnio-apps
/var/log/xnio/*.log {
    daily
    rotate 5
    size 100M
    compress
    delaycompress
    missingok
    notifempty
    create 0640 jboss jboss
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechRedhat
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability0.46%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-770
  • Vendor Resources
  • Red Hat CVE-2022-0084 Advisory
  • Red Hat Bug Report #2064226
  • GitHub XNIO Commit fdefb3b
  • GitHub XNIO Pull Request #291
  • Related CVEs
  • CVE-2025-9784: Apache Camel Spring Boot DoS Vulnerability
  • CVE-2025-5318: OpenShift Information Disclosure Bug
  • CVE-2022-0996: 389 Directory Server Auth Bypass Flaw
  • CVE-2022-3787: Red Hat Device-mapper-multipath Escalation
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English