Shellshock: Keep Calm and Mitigate | @DevOpsSummit [#DevOps]

October 11, 2014 Posted By: Leave a comment
Shellshock, appropriately and of course punnily named, is ravaging the Internet right now. Active exploits continue to grow in number and in complexity. While there are multiple avenues through which this vulnerability can be exploited, the most active one at the moment appears to be via vulnerable Internet-facing systems running web applications. These attacks take advantage of the lax constraints on HTTP headers that allow strings of nearly limitless length to be passed not just to the web server, but on to the system via CGI. Once passed, a 22 year old GNU Bash vulnerability allows the code embedded in the HTTP header to be executed.

read more

Subscribe to Applenews247.Com Newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

*

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>