--On 12. September 2016 um 18:06:14 -0700 Mark Sapiro <m...@msapiro.net> wrote:
On 09/12/2016 12:02 PM, Sebastian Hagedorn wrote:So far I haven't been able to understand what is going on. I can't find any questionable requests in Apache's access log from the GSA. Any ideas what could be causing this?It is caused by an attempt to get a mailman URL that contains spaces or characters not in the printable ascii set [\x21-\x7e]. The reason behind this is to disallow CR and LF in particular. This was a security enhancement in Mailman 2.1.9. From the NEWS - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery.
Thanks. I figured out that the GSA is appending %20 to one of our many lists name:
134.95.x.x - - [13/Sep/2016:11:33:22 +0200] "GET /mailman/listinfo/list-name%20 HTTP/1.0" 200 7630 "-" "gsa-crawler (Enterprise; T4-XXXXXXXXX; redac...@uni-koeln.de)"
Now we only have to understand why ...
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
pgpniDrHH0YgP.pgp
Description: PGP signature
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
