VulnerableCode Package Details - pkg:rpm/redhat/mod_cluster@1.2.13-1.Final_redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-2xc4-7zg9-y7fw Aliases: CVE-2016-5387	HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.	There are no reported fixed by versions.
VCID-33f9-ps96-9bfz Aliases: CVE-2016-2106	Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.	There are no reported fixed by versions.
VCID-snj8-2smt-3kdv Aliases: CVE-2016-3110 GHSA-68qq-3phh-53j7	mod_cluster Denial of Service vulnerability mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.	There are no reported fixed by versions.
VCID-vqe4-4q4r-aybe Aliases: CVE-2016-2105	Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2xc4-7zg9-y7fw
Aliases:
CVE-2016-5387

HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.

There are no reported fixed by versions.

VCID-33f9-ps96-9bfz
Aliases:
CVE-2016-2106

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

There are no reported fixed by versions.

VCID-snj8-2smt-3kdv
Aliases:
CVE-2016-3110
GHSA-68qq-3phh-53j7

mod_cluster Denial of Service vulnerability mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

There are no reported fixed by versions.

VCID-vqe4-4q4r-aybe
Aliases:
CVE-2016-2105

Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:36:43.840486+00:00	RedHat Importer	Affected by	VCID-33f9-ps96-9bfz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2106.json	38.0.0
2026-04-01T14:36:43.439333+00:00	RedHat Importer	Affected by	VCID-vqe4-4q4r-aybe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2105.json	38.0.0
2026-04-01T14:35:53.762467+00:00	RedHat Importer	Affected by	VCID-2xc4-7zg9-y7fw	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json	38.0.0
2026-04-01T14:35:33.765269+00:00	RedHat Importer	Affected by	VCID-snj8-2smt-3kdv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3110.json	38.0.0