Why “Remote Code Execution - Shell Shock” can be dangerous
This vulnerability allows an attacker to remotely execute Bash commands supplied through environment variables on the server, i.e. Remote Code Execution. Although Bash is not an internet-facing service, many other services use environment variables to communicate with the server, so the severity of the attack depends on the server configuration. This vulnerability can lead to the replacement of vital server resources and takeover of the system.
How to fix “Remote Code Execution - Shell Shock”
Update Bash on your server to version 4.3 or above.
How does ScanRepeat report “Remote Code Execution - Shell Shock”
ScanRepeat sends an HTTP request to the host server containing a prepared character sequence with a command that delays the response. It reports every occurrence of the vulnerability, that is, every case where the Bash command was executed and the response was delayed.
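Requests of this kind leave a trace in the web server's access log, so the same log can be reviewed for probes. The Python sketch below is an added example, not ScanRepeat's code: it assumes the combined log format and that the prepared sequence carries the Bash function-definition marker "() {" in the request line, Referer or User-Agent. The log lines, addresses and the find_probes name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# An unpatched Bash treats an environment variable as code only when its value
# starts with "() {". Matching loosely, anywhere in the field and with optional
# whitespace, also catches probes that pad the marker.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

# A quoted log field; the server escapes embedded quotes as \" inside it.
FIELD = r'"((?:[^"\\]|\\.)*)"'
# Combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_LINE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + FIELD + r' (\d{3}) \S+ ' + FIELD + ' ' + FIELD
)

def find_probes(lines):
    """Return (line_no, client_ip, field_name) for every field carrying the marker."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, _time, request, _status, referer, agent = m.groups()
        fields = (("request", request), ("referer", referer), ("user-agent", agent))
        for name, value in fields:
            # Percent-decode first so an encoded marker is still recognised.
            if FUNC_DEF.search(unquote(value)):
                hits.append((no, ip, name))
    return hits

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :; }; /bin/sleep 5"',
    '203.0.113.5 - - [01/Oct/2014:10:00:03 +0000] "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%20%7D%3B HTTP/1.1" 404 0 "-" "curl/7.30"',
    '192.0.2.10 - - [01/Oct/2014:10:00:04 +0000] "GET /app.js HTTP/1.1" 200 900 "http://example.test/a()" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, ip, field in find_probes(SAMPLE_LOG):
        print(f"line {line_no}: marker in {field} from {ip}")
```

A hit shows that a request carried the marker, not that the command ran; whether it could run depends on the Bash version installed on the server.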