{ "data": { "info": { "count": 13, "vuln_count": 14, "description": "The remote web server is affected by a command injection vulnerability in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This allows a remote attacker to execute arbitrary code via environment variable manipulation depending on the configuration of the system.", "synopsis": "The remote web server is affected by a remote code execution vulnerability.", "solution": "Apply the referenced patch.", "discovery": { "seen_first": "2019-12-31T17:15:52.000Z", "seen_last": "2019-12-31T22:53:45.000Z" }, "severity": 4, "plugin_details": { "family": "CGI abuses", "modification_date": "2017-12-31T00:00:00Z", "name": "GNU Bash Environment Variable Handling Code Injection (Shellshock)", "publication_date": "2014-12-31T00:00:00Z", "type": "remote", "version": null, "severity": 4 }, "reference_information": [ { "name": "bid", "url": "http://www.securityfocus.com/bid/", "values": [ 70103 ] }, { "name": "cert", "url": "http://www.kb.cert.org/vuls/id/", "values": [ "252743" ] }, { "name": "cve", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=", "values": [ "CVE-2014-6271" ] }, { "name": "edb-id", "url": "http://www.exploit-db.com/exploits/", "values": [ "34766", "34777", "34765" ] }, { "name": "iava", "values": [ "2014-A-0142" ] }, { "name": "osvdb", "values": [ "112004" ] } ], "risk_information": { "risk_factor": "Critical", "cvss_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "cvss_base_score": "10.0", "cvss_temporal_vector": "E:F/RL:OF/RC:ND", "cvss_temporal_score": "8.3", "cvss3_vector": null, "cvss3_base_score": null, "cvss3_temporal_vector": null, "cvss3_temporal_score": null, "stig_severity": null }, "see_also": [ "http://seclists.org/oss-sec/2014/q3/650", "http://www.nessus.org/u?dacf7829", "https://www.invisiblethreat.ca/post/shellshock/" ], "vulnerability_information": { "vulnerability_publication_date": "2014-12-31T00:00:00Z", "exploited_by_malware": true, "patch_publication_date": "2014-12-31T00:00:00Z", "exploit_available": true, "exploitability_ease": null, "asset_inventory": null, "default_account": null, "exploited_by_nessus": null, "in_the_news": true, "malware": null, "unsupported_by_vendor": null, "cpe": null, "exploit_frameworks": [ { "name": "Core Impact" }, { "name": "Metasploit", "exploits": [ { "name": "Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)", "url": null } ] } ] }, "vpr": { "score": 9.6, "drivers": { "age_of_vuln": { "lower_bound": 731, "upper_bound": 0 }, "exploit_code_maturity": "HIGH", "cvss3_impact_score": 5.9, "cvss_impact_score_predicted": true, "threat_intensity_last28": "HIGH", "threat_recency": { "lower_bound": 0, "upper_bound": 7 }, "threat_sources_last28": [ "Others", "Mainstream Media", "Code Repo and Paste Bins" ], "product_coverage": "LOW" }, "updated": "2019-12-31T10:10:57Z" } } } }