
CVE-2022-28615: Apache HTTP Server DOS Vulnerability

CVE-2022-28615 is a denial of service vulnerability in Apache HTTP Server 2.4.53 and earlier that may cause crashes or information disclosure. This article covers the technical details, affected versions, and mitigation.

Published: February 17, 2026

CVE-2022-28615 Overview

CVE-2022-28615 is an Out-of-Bounds Read vulnerability affecting Apache HTTP Server versions 2.4.53 and earlier. The vulnerability exists in the ap_strcmp_match() function, which may read beyond bounds when provided with an extremely large input buffer. This can result in a server crash (denial of service) or potential information disclosure.

While no code distributed with the core Apache HTTP Server can be coerced into triggering this vulnerability, third-party modules or Lua scripts that utilize the ap_strcmp_match() function may hypothetically be affected. Organizations running custom modules or Lua-based configurations should assess their exposure.

Critical Impact

This vulnerability can lead to server crashes causing denial of service, and may expose sensitive memory contents through information disclosure when exploited via third-party modules or Lua scripts using the vulnerable ap_strcmp_match() function.

Affected Products

  • Apache HTTP Server versions up to and including 2.4.53
  • Fedora 35 and Fedora 36
  • NetApp Clustered Data ONTAP

Discovery Timeline

  • 2022-06-09 - CVE-2022-28615 published to NVD
  • 2025-12-18 - Last updated in NVD database

Technical Details for CVE-2022-28615

Vulnerability Analysis

This vulnerability stems from an Integer Overflow issue (CWE-190) in the ap_strcmp_match() function within Apache HTTP Server. When this function receives an extremely large input buffer, it fails to properly validate buffer boundaries before performing comparison operations. This boundary validation failure allows read operations to access memory beyond the allocated buffer space.

The function is used for wildcard pattern matching operations, which are common in URL rewriting, access control, and request handling. When third-party modules or Lua scripts pass oversized inputs to this function without proper validation, the resulting out-of-bounds read can expose adjacent memory contents or trigger a segmentation fault.

The network-accessible nature of this vulnerability combined with the lack of required authentication and low attack complexity makes it particularly concerning for internet-facing Apache deployments. However, the actual exploitability depends on whether the server deployment includes vulnerable third-party components that can be manipulated to pass malicious input to ap_strcmp_match().

Root Cause

The root cause is an Integer Overflow (CWE-190) in the ap_strcmp_match() function. When processing extremely large input buffers, the function fails to properly handle integer boundaries during buffer length calculations. This leads to incorrect boundary checks, allowing subsequent read operations to access memory locations beyond the intended buffer limits.

Attack Vector

The vulnerability is exploitable over the network without requiring authentication or user interaction. An attacker would need to identify a third-party module or Lua script that passes user-controllable input to the ap_strcmp_match() function. By crafting requests with extremely large input values, the attacker can trigger the out-of-bounds read condition.

The attack flow involves:

  1. Identifying a target Apache server with vulnerable third-party modules or Lua scripts
  2. Crafting HTTP requests with extremely large input parameters that reach ap_strcmp_match()
  3. Triggering the integer overflow condition to cause out-of-bounds memory access
  4. Observing server behavior for crash conditions or extracting leaked information from error responses

Since no verified exploit code is publicly available, the specific exploitation technique would vary based on the third-party component being targeted. For detailed technical information, refer to the Openwall Security Discussion and the Apache HTTP Server Security Vulnerabilities page.

Detection Methods for CVE-2022-28615

Indicators of Compromise

  • Unexpected Apache HTTP Server crashes or segmentation faults in error logs
  • HTTP requests containing abnormally large parameter values or headers
  • Memory access violations in Apache child processes
  • Core dump files generated by Apache processes indicating memory corruption

Detection Strategies

  • Monitor Apache error logs for segmentation faults and unexpected child process terminations
  • Implement web application firewall (WAF) rules to detect and block requests with oversized input parameters
  • Use intrusion detection systems (IDS) to identify patterns of requests targeting known vulnerable modules
  • Audit third-party Apache modules and Lua scripts for use of the ap_strcmp_match() function

Monitoring Recommendations

  • Configure centralized logging to aggregate Apache error logs for anomaly detection
  • Set up alerts for Apache process crashes and restart events
  • Monitor memory usage patterns of Apache processes for signs of memory leaks or corruption
  • Track request sizes and flag anomalously large HTTP requests for review
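
The crash-monitoring items above, as an added example (not code from this advisory or from the Apache project): it parses the child-exit notices httpd writes to its error log (AH00052, and AH00051 when a core dump is possible) and reports bursts of children killed by a signal. The sample log lines, the 5-minute window and the threshold of 3 are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache 2.4 error-log format (not from a real server).
SAMPLE_ERROR_LOG = """\
[Tue Jun 14 10:02:11.120331 2022] [authz_core:error] [pid 1405:tid 7] AH01630: client denied by server configuration: /var/www/private
[Tue Jun 14 10:05:42.001200 2022] [core:notice] [pid 900:tid 1] AH00052: child pid 1411 exit signal Segmentation fault (11)
[Tue Jun 14 10:05:49.551010 2022] [core:notice] [pid 900:tid 1] AH00051: child pid 1420 exit signal Segmentation fault (11), possible coredump in /var/crash
[Tue Jun 14 10:06:03.100000 2022] [core:notice] [pid 900:tid 1] AH00052: child pid 1433 exit signal Segmentation fault (11)
[Tue Jun 14 11:40:00.000000 2022] [core:notice] [pid 900] AH00052: child pid 1502 exit signal Bus error (7)
"""

# Parent-process notice logged when a child is terminated by a signal.
CRASH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[core:notice\] \[pid \d+(?::tid \d+)?\] "
    r"AH0005[12]: child pid (?P<child>\d+) exit signal (?P<signal>[A-Za-z ]+) \(\d+\)"
    r"(?:, possible coredump in (?P<dump>\S+))?"
)

def parse_crashes(text):
    """Extract one record per child process that died by signal."""
    events = []
    for line in text.splitlines():
        m = CRASH_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            events.append({"time": ts, "child": int(m["child"]),
                           "signal": m["signal"], "coredump": m["dump"]})
    return events

def crash_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Return (first, last, count) for each crash that completes a burst
    of at least `threshold` signal deaths inside `window`."""
    events = sorted(events, key=lambda e: e["time"])
    bursts, start = [], 0
    for end, ev in enumerate(events):
        while ev["time"] - events[start]["time"] > window:
            start += 1          # slide the window forward
        if end - start + 1 >= threshold:
            bursts.append((events[start]["time"], ev["time"], end - start + 1))
    return bursts

if __name__ == "__main__":
    for first, last, count in crash_bursts(parse_crashes(SAMPLE_ERROR_LOG)):
        print(f"ALERT: {count} child crashes between {first} and {last}")
```

A single isolated crash (the Bus error line in the sample) is parsed but does not raise an alert; only clustered crashes do.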

How to Mitigate CVE-2022-28615

Immediate Actions Required

  • Upgrade Apache HTTP Server to version 2.4.54 or later, which contains the security fix
  • Audit all third-party modules and Lua scripts for use of the ap_strcmp_match() function
  • Implement input size validation at the web application firewall level
  • Review and update all dependent systems including Fedora and NetApp Clustered Data ONTAP installations
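
One way to carry out the audit step listed above and under Detection Strategies, as an added example (not code from this advisory or from the Apache project): it walks a directory tree and reports C sources that call ap_strcmp_match(), Lua scripts that reach it through mod_lua's r:strcmp_match() binding, and built .so modules that contain the symbol name. The file names and contents in demo() are constructed, and the byte search in .so files is a heuristic that should be confirmed with a symbol listing of the module.

```python
import os
import re
import tempfile

SOURCE_RE = re.compile(r"\bap_strcmp_match\s*\(")   # direct C call
LUA_RE = re.compile(r"[:.]strcmp_match\s*\(")       # mod_lua binding, e.g. r:strcmp_match(...)
SYMBOL = b"ap_strcmp_match\x00"                     # NUL-terminated name in a symbol string table
PATTERNS = {".c": ("source-call", SOURCE_RE), ".h": ("source-call", SOURCE_RE),
            ".lua": ("lua-call", LUA_RE)}

def audit_tree(root):
    """Return sorted (relative_path, kind, line_no) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext == ".so":
                with open(path, "rb") as fh:
                    if SYMBOL in fh.read():
                        findings.append((rel, "binary-import", 0))
            elif ext in PATTERNS:
                kind, pattern = PATTERNS[ext]
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if pattern.search(line):
                            findings.append((rel, kind, no))
    return sorted(findings)

def demo():
    """Audit a constructed module tree (all names and contents are made up)."""
    samples = {
        "mod_example/mod_example.c": b"if (ap_strcmp_match(r->uri, conf->glob) == 0) {\n",
        "mod_example/util.c": b"rc = strcmp(a, b);\n",
        "lua/hook.lua": b"function handle(r)\n  if r:strcmp_match(r.uri, '/app/*') then return 403 end\nend\n",
        "modules/mod_example.so": b"\x7fELF\x02\x01\x01\x00ap_strcmp_match\x00ap_hook_handler\x00",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_tree(root)

if __name__ == "__main__":
    for rel, kind, line_no in demo():
        print(f"{kind:14} {rel}:{line_no}")
```

Each finding is a call site to review for attacker-influenced, unbounded input; on servers already upgraded to 2.4.54 or later the list serves as an inventory rather than a remediation queue.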

Patch Information

Apache has released a security patch addressing this vulnerability in Apache HTTP Server version 2.4.54. Organizations should upgrade to this version or later to fully remediate the vulnerability. Detailed patch information is available in the Apache HTTP Server Security Vulnerabilities advisory.

Additional vendor-specific patches are available:

  • Fedora Package Announcements
  • NetApp Security Advisory
  • Gentoo GLSA 202208-20

Workarounds

  • Configure request size limits in Apache to restrict maximum input buffer sizes
  • Disable or remove unnecessary third-party modules, particularly those using pattern matching functions
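  • Implement a reverse proxy with input validation to filter malformed requests before they reach Apache
  • Use mod_security or similar WAF modules to enforce strict input validation rules

```apache
# Example Apache configuration to cap request sizes
# Add to httpd.conf or the appropriate virtual host configuration
# Maximum request body size, in bytes (1 MiB)
LimitRequestBody 1048576
# Maximum number of request header fields
LimitRequestFields 50
# Maximum size of a single request header field, in bytes
LimitRequestFieldSize 8190
# Maximum size of the request line (method, URI and protocol), in bytes
LimitRequestLine 8190
```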

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: DOS
  • Vendor/Tech: Apache
  • Severity: CRITICAL
  • CVSS Score: 9.1
  • EPSS Probability: 1.11%
  • Known Exploited: No

CVSS Vector

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-190

Technical References

  • Openwall Security Discussion
  • Fedora Package Announcement
  • Fedora Package Announcement
  • Gentoo GLSA 202208-20
  • NetApp Security Advisory

Vendor Resources

  • Apache HTTP Server Vulnerabilities

Related CVEs

  • CVE-2025-55753: Apache HTTP Server DoS Vulnerability
  • CVE-2024-36387: Apache HTTP Server DoS Vulnerability
  • CVE-2025-49630: Apache HTTP Server DOS Vulnerability
  • CVE-2024-27316: Apache HTTP Server DoS Vulnerability
©2026 SentinelOne, All Rights Reserved.
