With all the scare regarding CVE-2014-6271, I've found little concrete information regarding the vulnerability's surface area. In particular, does an individual require terminal access to execute this exploit? I am aware that CGI services that call out to the shell can indirectly provide access to this vulnerability (as per The bash vulnerability CVE-2014-6271 . Can it affect my CGI perl scripts? How to understand this?), but what other vectors of attack exist?
Asked
Active
Viewed 130 times
1 Answers
2
No, looks like apache's mod_cgi and mod_cgid are gateways for bash environment code execution with a crafted HTTP request header.
Marcel
- 1,266
- 7
- 18
-
I do see this confirmed now that I know what to look for. I appreciate the feedback. – Justin Bell Sep 25 '14 at 16:38