[Mailman-Users] What does "Possible malformed path attack" actually mean?

Mark Sapiro mark at msapiro.net
Mon Sep 12 21:06:14 EDT 2016

On 09/12/2016 12:02 PM, Sebastian Hagedorn wrote:
> So far I haven't been able to understand what is going on. I can't find
> any questionable requests in Apache's access log from the GSA. Any ideas
> what could be causing this?

It is caused by an attempt to get a mailman URL that contains spaces or
characters not in the printable ascii set [\x21-\x7e].

The reason behind this is to disallow CR and LF in particular. This was
a security enhancement in Mailman 2.1.9. From the NEWS

- A malicious user could visit a specially crafted URI and inject an
  apparent log message into Mailman's error log which might induce an
  unsuspecting administrator to visit a phishing site.  This has been
  blocked.  Thanks to Moritz Naumann for its discovery.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20160912/6d8a5065/attachment.sig>

More information about the Mailman-Users mailing list