[Mailman-Users] Disabling mailman/create Web Page

Mark Sapiro mark at msapiro.net
Fri Sep 4 16:40:31 CEST 2009

Barry Finkel wrote:

>Our cyber security group sent me notice of a vulnerability in
>a Mailman web page:
>     Web Application Potentially Sensitive CGI Parameter Detection
>I think it is the URL:
>     mailman/create

Googling '"Web Application Potentially Sensitive CGI Parameter
Detection" mailman' doesn't show me anything relevant to current

If there really is a Mailman security issue, please post the details to
mailman-security at python.org.

>As I do not use that web page to create a new Mailman list, I want to
>disable that page.  Is there an easy way to do it in Mailman, or do I

Adam McGreggor has already replied suggesting denying access via the
web server configuration.

You could also just remove the create wrapper from Mailman's cgi-bin/

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list