[Mailman-Users] Disabling mailman/create Web Page
Mark Sapiro
mark at msapiro.net
Fri Sep 4 16:40:31 CEST 2009
Barry Finkel wrote:
>Our cyber security group sent me notice of a vulnerability in
>a Mailman web page:
>
> Web Application Potentially Sensitive CGI Parameter Detection
>
>I think it is the URL:
>
> mailman/create
Googling '"Web Application Potentially Sensitive CGI Parameter
Detection" mailman' doesn't show me anything relevant to current
Mailman.
If there really is a Mailman security issue, please post the details to
mailman-security at python.org.
>As I do not use that web page to create a new Mailman list, I want to
>disable that page. Is there an easy way to do it in Mailman, or do I
Adam McGreggor has already replied suggesting denying access via the
web server configuration.
You could also just remove the create wrapper from Mailman's cgi-bin/
directory.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list