[Mailman-Users] Is mailman vulnerable to the httpoxy bug?
Perry E. Metzger
perry at piermont.com
Fri Jul 22 11:55:32 EDT 2016
On Wed, 20 Jul 2016 12:02:13 -0700 Mark Sapiro <mark at msapiro.net>
> On 07/19/2016 02:10 PM, Perry E. Metzger wrote:
> > https://httpoxy.org/ seems to impact any python program (among
> > many others) that runs under cgi. Does it cause trouble for
> > mailman? What is a reasonable mitigation?
> I am not an expert on httpoxy at all, but quoting from
> "httpoxy is a vulnerability for server-side web applications. If
> you’re not deploying code, you don’t need to worry."
> Mailman's web UI serves end user HTML pages. It does not deploy
Er, it uses CGI scripts, doesn't it? That's what it means to "deploy
code" in this context.
Perry E. Metzger perry at piermont.com
More information about the Mailman-Users