Public bug reported: This is merely an annoyance in that it adds error reports to Mailman's error log. The web response is just the "we hit a bug" page, but we may wish to defend against these. We have seen errors like Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(31978): [----- Mailman Version: 2.1.23 -----] admin(31978): [----- Traceback ------] admin(31978): Traceback (most recent call last): admin(31978): File "/srv/mailman/scripts/driver", line 117, in run_main admin(31978): main() admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main admin(31978): process_form(mlist, doc, cgidata, language) admin(31978): File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form admin(31978): ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':') admin(31978): AttributeError: 'list' object has no attribute 'split' Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(32270): [----- Mailman Version: 2.1.23 -----] admin(32270): [----- Traceback ------] admin(32270): Traceback (most recent call last): admin(32270): File "/srv/mailman/scripts/driver", line 117, in run_main admin(32270): main() admin(32270): File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main admin(32270): if not Utils.IsLanguage(language): admin(32270): File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage admin(32270): return mm_cfg.LC_DESCRIPTIONS.has_key(lang) admin(32270): TypeError: unhashable type: 'list' Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(6887): [----- Mailman Version: 2.1.23 -----] admin(6887): [----- Traceback ------] admin(6887): Traceback (most recent call last): admin(6887): File "/srv/mailman/scripts/driver", line 117, in run_main admin(6887): main() admin(6887): File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main admin(6887): cgidata.getvalue('adminpw', '')): admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate admin(6887): ac = self.Authenticate(authcontexts, response, user) admin(6887): File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate admin(6887): sharesponse = sha_new(response).hexdigest() admin(6887): TypeError: must be string or buffer, not list The above all result from POST data or query fragments containing multiple values for the same parameter resultin in that parameter being passed to the CGI as a list rather than a string. We have also seen Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(27163): [----- Mailman Version: 2.1.23 -----] admin(27163): [----- Traceback ------] admin(27163): Traceback (most recent call last): admin(27163): File "/srv/mailman/scripts/driver", line 117, in run_main admin(27163): main() admin(27163): File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main admin(27163): params = cgidata.keys() admin(27163): File "/usr/lib/python2.7/cgi.py", line 582, in keys admin(27163): raise TypeError, "not indexable" admin(27163): TypeError: not indexable which comes from a POST with no post data. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1695667 Title: Various web attacks cause CGI modules to throw uncaught exceptions To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1695667/+subscriptions