|
gptkbp:instance_of
|
gptkb:pharmaceuticals
|
|
gptkbp:affected_platforms
|
Linux, mac OS.
|
|
gptkbp:affected_products
|
Various web servers and applications.
|
|
gptkbp:attack_complexity
|
gptkb:Low
|
|
gptkbp:availability
|
gptkb:None
|
|
gptkbp:base_score
|
10.0
|
|
gptkbp:components
|
Bash shell.
|
|
gptkbp:data_privacy
|
gptkb:High
|
|
gptkbp:description
|
A vulnerability in the Bash shell that allows remote attackers to execute arbitrary code via crafted environment variables.
|
|
gptkbp:difficulty
|
gptkb:Low
|
|
gptkbp:difficulty_levels
|
Critical
|
|
gptkbp:discovery
|
Public disclosure
|
|
gptkbp:discovery_year
|
2014-09-24
|
|
gptkbp:distributor
|
gptkb:Gnu_PG
|
|
gptkbp:environmental_initiatives
|
Apply patches and updates.
|
|
gptkbp:exploit_availability
|
Publicly available.
|
|
gptkbp:exploit_code
|
Available
|
|
gptkbp:exploit_description
|
Exploited through crafted HTTP requests.
|
|
gptkbp:exploit_impact
|
Severe.
|
|
gptkbp:exploit_method
|
HTTP request manipulation.
|
|
gptkbp:exploit_risk
|
High.
|
|
gptkbp:first_published
|
2019-10-03
|
|
gptkbp:has_enemies
|
gptkb:networking
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2014-6271
|
|
gptkbp:human_interaction
|
gptkb:None
|
|
gptkbp:impact
|
Remote code execution
Allows attackers to execute arbitrary commands.
Critical impact on security.
|
|
gptkbp:impact_severity
|
gptkb:High
|
|
gptkbp:is_referenced_in
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2014-6271
https://nvd.nist.gov/vuln/detail/ CVE-2014-6271
https://www.securityfocus.com/bid/69812
https://www.us-cert.cisa.gov/ncas/alerts/2014/ SA14-268 A
|
|
gptkbp:is_vulnerable_to
|
gptkb:Shellshock
3.9
Exploitable remotely
Remote code execution vulnerability.
|
|
gptkbp:latest_version
|
Bash versions prior to 4.3
|
|
gptkbp:patch_available
|
gptkb:Yes
|
|
gptkbp:prevention
|
Update Bash to the latest version.
|
|
gptkbp:privileges_required
|
gptkb:None
|
|
gptkbp:protocol
|
gptkb:None
|
|
gptkbp:provides_support_for
|
gptkb:Bash
Unix-like operating systems
|
|
gptkbp:publication_year
|
2014-09-24
|
|
gptkbp:regulatory_compliance
|
Multiple security advisories issued.
|
|
gptkbp:remediation_advice
|
Update to the latest version of Bash.
|
|
gptkbp:reports_to
|
gptkb:US-CERT
2014-09-24
|
|
gptkbp:scope
|
Unchanged
|
|
gptkbp:score
|
10.0
|
|
gptkbp:security
|
gptkb:High
High.
Available.
|
|
gptkbp:security_advisory_link
|
https://www.cisa.gov/uscert/ncas/alerts/2014/ SA14-268 A
|
|
gptkbp:status
|
Resolved
|
|
gptkbp:type
|
Code execution vulnerability
|
|
gptkbp:vector
|
gptkb:networking
|
|
gptkbp:vulnerability_category
|
Remote code execution.
|
|
gptkbp:vulnerability_class
|
Injection
|
|
gptkbp:vulnerability_disclosure
|
Publicly disclosed.
|
|
gptkbp:vulnerability_impact
|
Allows arbitrary code execution.
|
|
gptkbp:vulnerability_severity
|
Critical.
|
|
gptkbp:vulnerability_source
|
Publicly disclosed.
|
|
gptkbp:vulnerability_status
|
Patched.
|
|
gptkbp:vulnerability_type_description
|
Allows remote attackers to execute arbitrary code.
|
|
gptkbp:bfsParent
|
gptkb:Shellshock
|
|
gptkbp:bfsLayer
|
5
|