CVE-2022-28615

9.1 CRITICAL

📋 TL;DR

This vulnerability in Apache HTTP Server 2.4.53 and earlier could cause crashes or information disclosure due to a buffer overflow in the ap_strcmp_match() function. Only systems using third-party modules or Lua scripts that call ap_strcmp_match() with extremely large inputs are affected. The core Apache distribution cannot trigger this vulnerability.

💻 Affected Systems

Products:
  • Apache HTTP Server
Versions: 2.4.53 and earlier
Operating Systems: All operating systems running affected Apache versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when third-party modules or Lua scripts use ap_strcmp_match() with extremely large input buffers

⚠️ Risk & Real-World Impact

🔴 Worst Case: Server crash leading to denial of service, or memory disclosure revealing sensitive information

🟠 Likely Case: Server crash causing temporary service disruption

🟢 If Mitigated: No impact if no third-party modules use ap_strcmp_match() with large inputs

🌐 Internet-Facing: MEDIUM - Only affects specific configurations with vulnerable third-party modules
🏢 Internal Only: LOW - Same limited scope, but internal systems typically have fewer vulnerable modules

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploitation requires specific third-party module configurations and large input buffers

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apache HTTP Server 2.4.54

Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html

Restart Required: Yes

Instructions:

1. Download Apache 2.4.54 or later from httpd.apache.org
2. Stop the Apache service
3. Install/upgrade to the patched version
4. Restart the Apache service

🔧 Temporary Workarounds

Disable vulnerable third-party modules

Platform: all

Identify and disable any third-party modules that call the ap_strcmp_match() function

# List loaded modules:
apachectl -M
# Disable a module by commenting out its LoadModule line in httpd.conf
# (on Debian/Ubuntu: a2dismod <module_name>), then restart Apache

🧯 If You Can't Patch

  • Review and restrict third-party module usage to only essential functions
  • Implement WAF rules that reject extremely large request inputs before they reach third-party modules that call ap_strcmp_match()

🔍 How to Verify

Check if Vulnerable:

Check the Apache version with 'httpd -v' or 'apache2 -v' and confirm whether it is 2.4.53 or earlier

Check Version:

httpd -v 2>/dev/null || apache2 -v 2>/dev/null || apachectl -v 2>/dev/null

Verify Fix Applied:

Confirm the version is 2.4.54 or later using 'httpd -v', then test that the server still serves requests normally
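The following script is an added example, not code from this advisory page: it turns the version check above into a pass/fail verdict by parsing the `httpd -v` banner and comparing the version numerically against the advisory's bounds (affected: 2.4.53 and earlier; fixed: 2.4.54). Function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from this advisory page: turn the version check above
# into a pass/fail verdict for CVE-2022-28615 (affected: 2.4.53 and earlier;
# fixed: 2.4.54). Function names are this example's own; bounds are the advisory's.

# Pull "major.minor.patch" out of a banner such as
# "Server version: Apache/2.4.53 (Unix)". Prints nothing if no version is present.
apache_version_from_banner() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Apache\/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
      | head -n 1
}

# Exit 0 when "$1" (x.y.z) is 2.4.53 or earlier, 1 when it is newer or malformed.
# Fields are compared as numbers, so 2.4.9 is correctly treated as older than 2.4.53.
is_affected_version() {
    case $1 in *.*.*) ;; *) return 1 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -lt 2 ] && return 0
    [ "$major" -gt 2 ] && return 1
    [ "$minor" -lt 4 ] && return 0
    [ "$minor" -gt 4 ] && return 1
    [ "$patch" -le 53 ]
}

# One-line verdict for a banner: exit 0 = affected, 1 = fixed, 2 = no version found.
report_banner() {
    ver=$(apache_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no Apache version found in: $1"; return 2
    elif is_affected_version "$ver"; then
        echo "AFFECTED: Apache $ver is 2.4.53 or earlier; upgrade to 2.4.54 or later"; return 0
    else
        echo "FIXED: Apache $ver is 2.4.54 or later"; return 1
    fi
}

# Live check against the local host, using the same binaries the advisory lists.
check_live_server() {
    banner=$(httpd -v 2>/dev/null || apache2 -v 2>/dev/null || apachectl -v 2>/dev/null)
    [ -n "$banner" ] || { echo "UNKNOWN: no httpd, apache2 or apachectl on PATH"; return 2; }
    report_banner "$banner"
}

check_live_server || live_status=$?
```

The exit status (0 affected, 1 fixed, 2 unknown) is kept in `live_status` so the script can be dropped into a fleet-wide inventory job.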

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Apache logs
  • Unexpected Apache process crashes
  • Error logs mentioning ap_strcmp_match

Network Indicators:

  • Sudden HTTP service unavailability
  • Connection resets to Apache server

SIEM Query:

source="apache_logs" AND ("segmentation fault" OR "core dumped" OR "ap_strcmp_match")
