CVE-2014-6278 (ShellShock)

CVSS v2.0 10 (High)
EPSS 97.30 % (100th)
Affected Products 1
Advisories 10

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

Weaknesses
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Alias
Related CVEs
CVE Status
PUBLISHED
CNA
Debian GNU/Linux
Published Date
2014-09-30 10:55:04
(10 years ago)
Updated Date
2021-11-17 22:15:36
(2 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Gnu Bash 1.14.0 cpe:2.3:a:gnu:bash:1.14.0
  Gnu Bash 1.14.1 cpe:2.3:a:gnu:bash:1.14.1
  Gnu Bash 1.14.2 cpe:2.3:a:gnu:bash:1.14.2
  Gnu Bash 1.14.3 cpe:2.3:a:gnu:bash:1.14.3
  Gnu Bash 1.14.4 cpe:2.3:a:gnu:bash:1.14.4
  Gnu Bash 1.14.5 cpe:2.3:a:gnu:bash:1.14.5
  Gnu Bash 1.14.6 cpe:2.3:a:gnu:bash:1.14.6
  Gnu Bash 1.14.7 cpe:2.3:a:gnu:bash:1.14.7
  Gnu Bash 2.0 cpe:2.3:a:gnu:bash:2.0
  Gnu Bash 2.01 cpe:2.3:a:gnu:bash:2.01
  Gnu Bash 2.01.1 cpe:2.3:a:gnu:bash:2.01.1
  Gnu Bash 2.02 cpe:2.3:a:gnu:bash:2.02
  Gnu Bash 2.02.1 cpe:2.3:a:gnu:bash:2.02.1
  Gnu Bash 2.03 cpe:2.3:a:gnu:bash:2.03
  Gnu Bash 2.04 cpe:2.3:a:gnu:bash:2.04
  Gnu Bash 2.05 cpe:2.3:a:gnu:bash:2.05
  Gnu Bash 2.05 A cpe:2.3:a:gnu:bash:2.05:a
  Gnu Bash 2.05 B cpe:2.3:a:gnu:bash:2.05:b
  Gnu Bash 3.0 cpe:2.3:a:gnu:bash:3.0
  Gnu Bash 3.0.16 cpe:2.3:a:gnu:bash:3.0.16
  Gnu Bash 3.1 cpe:2.3:a:gnu:bash:3.1
  Gnu Bash 3.2 cpe:2.3:a:gnu:bash:3.2
  Gnu Bash 3.2.48 cpe:2.3:a:gnu:bash:3.2.48
  Gnu Bash 4.0 cpe:2.3:a:gnu:bash:4.0
  Gnu Bash 4.0 Rc1 cpe:2.3:a:gnu:bash:4.0:rc1
  Gnu Bash 4.1 cpe:2.3:a:gnu:bash:4.1
  Gnu Bash 4.2 cpe:2.3:a:gnu:bash:4.2
  Gnu Bash 4.3 cpe:2.3:a:gnu:bash:4.3