[Mailman-Users] Is mailman vulnerable to the httpoxy bug?
Perry E. Metzger
perry at piermont.com
Sat Jul 23 11:19:37 EDT 2016
On Fri, 22 Jul 2016 19:59:45 -0700 Mark Sapiro <mark at msapiro.net>
> And Mailman 2.1's CGIs will do absolutely nothing with an HTTP_PROXY
> environment variable. They won't look for it even if it's there.
> They look at things like query strings and POST data to determine
> what to do and then they write HTML to stdout.
Well, there are implicit things that use HTTP_PROXY. If mailman makes
any http requests itself, or calls anything that does, it might cause
trouble that it is in the environment. I take it that this is *not*
(The problem is not that cgi scripts explicitly look at HTTP_PROXY,
it is that many things *implicitly* look at it.)
Perry E. Metzger perry at piermont.com
More information about the Mailman-Users