Family: CGI abuses --> Category: attack
Mailman Log Spoofing Vulnerability - Vulnerability Scan
Vulnerability Scan Summary
Checks if Mailman filters invalid chars from PATH_INFO
Detailed Explanation for this Vulnerability Test
The remote web server contains a Python application that is affected
by a log spoofing vulnerability.
The version of Mailman installed on the remote host fails to sanitize
user-supplied input before writing it to the application's 'error'
log. An unauthenticated remote attacker can leverage this flaw to
spoof log messages.
In addition, the application is reportedly affected by a denial of
service issue involving headers that do not conform to RFC 2231, as
well as several cross-site scripting vulnerabilities.
See also :
Solution : Upgrade to Mailman version 2.1.9 rc1 or later.
Low / CVSS Base Score : 2