On 09/12/2016 12:02 PM, Sebastian Hagedorn wrote: > > So far I haven't been able to understand what is going on. I can't find > any questionable requests in Apache's access log from the GSA. Any ideas > what could be causing this?
It is caused by an attempt to get a mailman URL that contains spaces or characters not in the printable ascii set [\x21-\x7e]. The reason behind this is to disallow CR and LF in particular. This was a security enhancement in Mailman 2.1.9. From the NEWS - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
