[Mailman-Users] Is mailman vulnerable to the httpoxy bug?
Mark Sapiro
mark at msapiro.net
Wed Jul 20 15:02:13 EDT 2016
On 07/19/2016 02:10 PM, Perry E. Metzger wrote:
> https://httpoxy.org/ seems to impact any python program (among many
> others) that runs under cgi. Does it cause trouble for mailman? What
> is a reasonable mitigation?
I am not an expert on httpoxy at all, but quoting from
<https://httpoxy.org/#top>
"httpoxy is a vulnerability for server-side web applications. If you’re
not deploying code, you don’t need to worry."
Mailman's web UI serves end user HTML pages. It does not deploy code.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list