Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mailman private.py Directory Traversal Vulnerability
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Authenticated Mailman users can view arbitrary files on the remote host. According to its version number, the remote installation of Mailman reportedly is prone to a directory traversal vulnerability in 'Cgi/private.py'.
Insight
Insight
The flaw comes into play only on web servers that don't strip extraneous slashes from URLs, such as Apache 1.3.x, and allows a list subscriber, using a specially crafted web request, to retrieve arbitrary files from the server - any file accessible by the user under which the web server operates, including email addresses and passwords of subscribers of any lists hosted on the server. For example, if '$user' and '$pass' identify a subscriber of the list '$listname@$target', then the following URL : http://example.com/mailman/private/$listname/.../....///mailman?username=$user&password=$pass allows access to archives for the mailing list named 'mailman' for which the user might not otherwise be entitled.
Solution
Solution
Upgrade to Mailman 2.1.6b1 or apply the fix referenced in the first URL above.