[Mailman-Users] What does "Possible malformed path attack" actually mean?
Mark Sapiro
mark at msapiro.net
Mon Sep 12 21:06:14 EDT 2016
On 09/12/2016 12:02 PM, Sebastian Hagedorn wrote:
>
> So far I haven't been able to understand what is going on. I can't find
> any questionable requests in Apache's access log from the GSA. Any ideas
> what could be causing this?
It is caused by an attempt to get a mailman URL that contains spaces or
characters not in the printable ascii set [\x21-\x7e].
The reason behind this is to disallow CR and LF in particular. This was
a security enhancement in Mailman 2.1.9. From the NEWS
- A malicious user could visit a specially crafted URI and inject an
apparent log message into Mailman's error log which might induce an
unsuspecting administrator to visit a phishing site. This has been
blocked. Thanks to Moritz Naumann for its discovery.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20160912/6d8a5065/attachment.sig>
More information about the Mailman-Users
mailing list