Shellshock Command Execution Vulnerability CVE-2014-6271 Scanner

Details
Stay Up To Date
Asset Type

domain,ip,url

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Shellshock Command Execution Vulnerability CVE-2014-6271 Scanner Detail

Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Some Advice for Common Problems

You have to update your bash package.

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service