Rule: -- Sid: 3131 -- Summary: This event is generated when an attempt is made to exploit a known vulnerability in GNU Mailman. -- Impact: Information disclosure. -- Detailed Information: GNU Mailman is used to manage mailing lists. It is written in Python and is available on a variety of platforms. GNU Mailman when used with webservers that do not remove extra slashes from URLs, is prone to a directory traversal attack that may allow an attacker access to sensitive files on an affected system. -- Affected Systems: GNU Mailman in conjunction with Apache 1.3.x -- Attack Scenarios: An attacker can supply extra slashes and dots (....///) to a URL to escape the web root and access other parts of the host filesystem. -- Ease of Attack: Simple. Exploit software is not required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Apply the appropriate vendor supplied patches. -- Contributors: Sourcefire Vulnerability Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --