Barry Finkel wrote: >Our cyber security group sent me notice of a vulnerability in >a Mailman web page: > > Web Application Potentially Sensitive CGI Parameter Detection > >I think it is the URL: > > mailman/create
Googling '"Web Application Potentially Sensitive CGI Parameter Detection" mailman' doesn't show me anything relevant to current Mailman. If there really is a Mailman security issue, please post the details to mailman-secur...@python.org. >As I do not use that web page to create a new Mailman list, I want to >disable that page. Is there an easy way to do it in Mailman, or do I Adam McGreggor has already replied suggesting denying access via the web server configuration. You could also just remove the create wrapper from Mailman's cgi-bin/ directory. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9