From ${URL} :

Monkey HTTPD - Mandril security plugin

Mandril is a plugin which provides a security layer to Monkey through rules which can be applied to the request URI or by network address.

A vulnerability was found in the way the URIs are validated. The plugin check the configuration rules against possible encoded URIs.

PoC
---

Configuration sample:

    [RULES]
    Deny_URL /test/

To bypass such a rule, we just need to make a request like:

    http://yourhost/%2ftest/

Report
------
http://bugs.monkey-project.com/ticket/186

CREDITS
-------
Felipe Pena

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
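An added example (not Monkey or Mandril code, and not part of the original report) of the mismatch described above: a deny rule compared against the raw request URI versus the percent-decoded URI. The function names, the substring matching of the rule and the 1024-byte buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    return isxdigit(c) ? tolower(c) - 'a' + 10 : -1;
}

/* One-pass percent-decode into dst (dst_len >= 1); -1 on bad escape, %00 or overflow. */
static int uri_decode(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    while (*src) {
        unsigned char c = (unsigned char)*src++;
        if (c == '%') {
            int hi = hex_val((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)src[1]);
            if (lo < 0 || (hi == 0 && lo == 0)) return -1;
            c = (unsigned char)(hi * 16 + lo);
            src += 2;
        }
        if (o + 1 >= dst_len) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical flawed check: the rule is compared with the URI as received. */
int deny_raw(const char *uri, const char *rule)
{
    return strstr(uri, rule) != NULL;
}

/* Hypothetical hardened check: decode first, deny if the URI cannot be decoded. */
int deny_decoded(const char *uri, const char *rule)
{
    char buf[1024];
    if (uri_decode(uri, buf, sizeof buf) != 0) return 1;
    return strstr(buf, rule) != NULL;
}

int main(void)
{
    printf("raw=%d decoded=%d\n", deny_raw("/%2ftest/", "/test/"), deny_decoded("/%2ftest/", "/test/"));
    return 0;
}
```

The rule check has to run on the same decoded form the server uses to resolve the path; decoding more or fewer times than the request handler does reintroduces the mismatch.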
This has been long fixed. See https://github.com/monkey/monkey/issues/92
(In reply to Anthony Basile from comment #1)
> This has been long fixed. See
>

Do you know what version it was fixed in, just for completeness, before we close.
(In reply to Yury German from comment #2)
> (In reply to Anthony Basile from comment #1)
> > This has been long fixed. See
> >
>
> Do you know what version it was fixed in, just for completeness, before we
> close.

The commit went in on May 20 and would have been pushed out in 1.5.1.
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No
NO too, closing. Thanks everyone.