ALAS-2014-419 — Vulnetix

ALAS-2014-419 PUBLISHED

Affected Products

Vendor	Product	Versions
Amazon	bash

Exploit Intelligence

CVE-2014-7169 Shell Shock (github-poc)
gina-alaska/bash-cve-2014-7169-cookbook (github-poc)
DEPRECATED: Chef cookbook to audit & remediate "Shellshock" (BASH-CVE-2014-7169) (github-poc)
Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications. To detect this vulnerability the script executes a command that prints a random string and then attempts to find it inside the response body. Web apps that don't print back information won't be detected with this method. By default the script injects the payload in the HTTP headers User-Agent, Cookie, and Referer. Vulnerability originally discovered by Stephane Chazelas. References: * htt... (nmap-nse)
486_rulesets-cloudflare-managed-free-ruleset-77454fe2d30c4220b5701f6fdfb893ba.json (github-poc)
cfm_waf_detectors.lua (github-poc)
kev.json (github-poc)
data.js (github-poc)

Timeline

Sep 24, 2014 CVE Published
Jan 17, 2015 PoC Published

References

ALAS-2014-419: bash (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›