Gnu mailman detect and CVE 2021 42097 #6683
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Template / PR Information
When reviewing some nuclei findings for my domains, when crawling the directories I also found a mailman instance (which I had never heard of before today), and saw that it was also outdated.
I notice that GNU Mailman has a number of CVEs, and the /listinfo page might divulge some info to external users.
The particular instance I found was vulnerable to CVE-2021-42097, and I've created some templates and am sweeping all of my machines now.
I wanted to share incase someone else had these unbeknownst to them!
This is my first PR to Nuclei Templates , so I am sure I have messed something up.
Template Validation
I've validated this template locally?
Additional References: