CVE-2014-6277

10.0

HIGH CVSS 2.0

Apache HTTP Server Bash Environment Variable Injection Vulnerability

Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

INFO

Published Date :

Sept. 27, 2014, 10:55 p.m.

Last Modified :

April 12, 2025, 10:46 a.m.

Remotely Exploit :

Yes !

Source :

[email protected]

Affected Products

The following products are affected by CVE-2014-6277 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product	Action
1	Gnu	bash

: Total Affected Vendor : 1 | Products : 1

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 2.0	HIGH				[email protected]

Solution

This vulnerability allows for arbitrary code execution. It is recommended to update affected software to resolve this issue.

Update the affected bash package.
Apply the relevant patches or upgrades as recommended by the vendor advisories.

Public PoC/Exploit Available at Github

CVE-2014-6277 has a 22 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2014-6277.

URL	Resource
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html	Exploit Patch
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
http://linux.oracle.com/errata/ELSA-2014-3093
http://linux.oracle.com/errata/ELSA-2014-3094
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142289270617409&w=2
http://marc.info/?l=bugtraq&m=142289270617409&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://secunia.com/advisories/58200
http://secunia.com/advisories/59907
http://secunia.com/advisories/59961
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61703
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61857
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.apple.com/HT204244
http://support.novell.com/security/cve/CVE-2014-6277.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.ubuntu.com/usn/USN-2380-1
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html	Exploit Patch
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
http://linux.oracle.com/errata/ELSA-2014-3093
http://linux.oracle.com/errata/ELSA-2014-3094
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141383353622268&w=2
http://marc.info/?l=bugtraq&m=141383465822787&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142289270617409&w=2
http://marc.info/?l=bugtraq&m=142289270617409&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://secunia.com/advisories/58200
http://secunia.com/advisories/59907
http://secunia.com/advisories/59961
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60325
http://secunia.com/advisories/60433
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61633
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61703
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61857
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.apple.com/HT204244
http://support.novell.com/security/cve/CVE-2014-6277.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.ubuntu.com/usn/USN-2380-1
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2014-6277 is associated with the following CWEs:

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2014-6277 weaknesses.

CAPEC-6: Argument Injection Argument Injection CAPEC-15: Command Delimiters Command Delimiters CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-88: OS Command Injection OS Command Injection CAPEC-108: Command Line Execution through SQL Injection Command Line Execution through SQL Injection

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

abdullah89255/Shellshock

None

Updated: 2 months, 4 weeks ago

0 stars 0 fork 0 watcher

Born at : May 26, 2025, 1:33 p.m. This repo has been linked 6 different CVEs too.

NINNiT/shellshock-lab

a *VULNERABLE* docker image containing bash 4.1

Dockerfile Shell PHP

Updated: 7 months ago

0 stars 0 fork 0 watcher

Born at : Jan. 12, 2025, 4:20 p.m. This repo has been linked 6 different CVEs too.

IZAORICASTm/CHARQITO_NET

El charqito net

bash bash-script

Shell

Updated: 11 months, 2 weeks ago

1 stars 0 fork 0 watcher

Born at : May 14, 2024, 12:49 p.m. This repo has been linked 3 different CVEs too.

demining/ShellShock-Attack

ShellShock Attack vulnerability on “Bitcoin” & “Ethereum” server discovered in GNU Bash cryptocurrency exchange

attack bash bitcoin bitcoin-wallet gnu gnu-linux hacking shell vulnerability blockchain blockchain-technology

Shell Python PHP HTML JavaScript

Updated: 9 months, 3 weeks ago

5 stars 2 fork 2 watcher

Born at : Sept. 9, 2023, 11:56 a.m. This repo has been linked 6 different CVEs too.

giterlizzi/secdb-feeds

SecDB - Security Feeds

cve security-feeds vulnerability

Updated: 2 weeks, 1 day ago

0 stars 0 fork 0 watcher

Born at : July 1, 2022, 8:37 p.m. This repo has been linked 102 different CVEs too.

readloud/ShellShockHunter-v1.0

It's a simple tool for test vulnerability shellshock

shellshock shellshock-vulnerability shellshock-trainer

Python

Updated: 3 years, 5 months ago

0 stars 0 fork 0 watcher

Born at : March 8, 2022, 5:44 a.m. This repo has been linked 6 different CVEs too.

swapravo/cvesploit

Find SearchSploit exploits by CVE-IDs / dpkg status file

searchsploit exploits cve

Python

Updated: 4 years, 1 month ago

1 stars 2 fork 2 watcher

Born at : July 14, 2021, 8:29 a.m. This repo has been linked 3 different CVEs too.

MrCl0wnLab/ShellShockHunter

It's a simple tool for test vulnerability shellshock

python hacking shellshock vulnerability scanner security-tools

Python

Updated: 5 months, 4 weeks ago

116 stars 34 fork 34 watcher

Born at : Feb. 1, 2021, 7:10 a.m. This repo has been linked 6 different CVEs too.

inspirion87/w-test

None

Updated: 5 years, 9 months ago

0 stars 0 fork 0 watcher

Born at : Oct. 28, 2019, 1:54 p.m. This repo has been linked 6 different CVEs too.

revl-ca/scan-docker-image

None

Shell

Updated: 6 years, 1 month ago

0 stars 0 fork 0 watcher

Born at : July 18, 2019, 10:49 p.m. This repo has been linked 124 different CVEs too.

oneoy/cve-

None

C Perl 6 Perl ASP HTML Rich Text Format Visual Basic TeX Assembly Shell

Updated: 1 year ago

1 stars 1 fork 1 watcher

Born at : June 13, 2019, 1:51 p.m. This repo has been linked 308 different CVEs too.

xdistro/ShellShock

:octocat: Shellshock is a vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system

Shell HTML JavaScript CSS

Updated: 10 months, 1 week ago

7 stars 2 fork 2 watcher

Born at : Aug. 30, 2015, 9:57 a.m. This repo has been linked 6 different CVEs too.

mrash/afl-cve

A collection of vulnerabilities discovered by the AFL fuzzer (afl-fuzz)

Updated: 6 months, 2 weeks ago

92 stars 16 fork 16 watcher

Born at : Aug. 27, 2015, 12:26 a.m. This repo has been linked 332 different CVEs too.

mudongliang/LinuxFlaw

The vm images in this repo are lost, we recommend our new project: https://github.com/hust-open-atom-club/S2VulnHub

linux vulnerability reproduction cve edb

Shell C Perl PHP TeX Python Assembly Makefile HTML XSLT

Updated: 1 month, 2 weeks ago

331 stars 74 fork 74 watcher

Born at : July 30, 2015, 10:36 a.m. This repo has been linked 309 different CVEs too.

googleinurl/Xpl-SHELLSHOCK-Ch3ck

The tool inject a malicious user agent that allows exploring the vulnerabildiade sheelshock running server-side commands.

PHP

Updated: 1 year, 8 months ago

9 stars 2 fork 2 watcher

Born at : May 1, 2015, 7:39 p.m. This repo has been linked 6 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2014-6277 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2014-6277 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	New Value
Added	Reference	http://jvn.jp/en/jp/JVN55667175/index.html
Added	Reference	http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
Added	Reference	http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
Added	Reference	http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html
Added	Reference	http://linux.oracle.com/errata/ELSA-2014-3093
Added	Reference	http://linux.oracle.com/errata/ELSA-2014-3094
Added	Reference	http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Added	Reference	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html
Added	Reference	http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
Added	Reference	http://marc.info/?l=bugtraq&m=141330468527613&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141345648114150&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383026420882&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383081521087&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383196021590&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383244821813&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383304022067&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383353622268&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141383465822787&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141450491804793&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141576728022234&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141577137423233&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141577241923505&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141577297623641&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141585637922673&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141879528318582&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141879528318582&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142118135300698&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142118135300698&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142118135300698&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142289270617409&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142289270617409&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142358026505815&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142358026505815&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142358078406056&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142721162228379&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142721162228379&w=2
Added	Reference	http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
Added	Reference	http://secunia.com/advisories/58200
Added	Reference	http://secunia.com/advisories/59907
Added	Reference	http://secunia.com/advisories/59961
Added	Reference	http://secunia.com/advisories/60024
Added	Reference	http://secunia.com/advisories/60034
Added	Reference	http://secunia.com/advisories/60044
Added	Reference	http://secunia.com/advisories/60055
Added	Reference	http://secunia.com/advisories/60063
Added	Reference	http://secunia.com/advisories/60193
Added	Reference	http://secunia.com/advisories/60325
Added	Reference	http://secunia.com/advisories/60433
Added	Reference	http://secunia.com/advisories/61065
Added	Reference	http://secunia.com/advisories/61128
Added	Reference	http://secunia.com/advisories/61129
Added	Reference	http://secunia.com/advisories/61283
Added	Reference	http://secunia.com/advisories/61287
Added	Reference	http://secunia.com/advisories/61291
Added	Reference	http://secunia.com/advisories/61312
Added	Reference	http://secunia.com/advisories/61313
Added	Reference	http://secunia.com/advisories/61328
Added	Reference	http://secunia.com/advisories/61442
Added	Reference	http://secunia.com/advisories/61471
Added	Reference	http://secunia.com/advisories/61485
Added	Reference	http://secunia.com/advisories/61503
Added	Reference	http://secunia.com/advisories/61550
Added	Reference	http://secunia.com/advisories/61552
Added	Reference	http://secunia.com/advisories/61565
Added	Reference	http://secunia.com/advisories/61603
Added	Reference	http://secunia.com/advisories/61633
Added	Reference	http://secunia.com/advisories/61641
Added	Reference	http://secunia.com/advisories/61643
Added	Reference	http://secunia.com/advisories/61654
Added	Reference	http://secunia.com/advisories/61703
Added	Reference	http://secunia.com/advisories/61780
Added	Reference	http://secunia.com/advisories/61816
Added	Reference	http://secunia.com/advisories/61857
Added	Reference	http://secunia.com/advisories/62312
Added	Reference	http://secunia.com/advisories/62343
Added	Reference	http://support.apple.com/HT204244
Added	Reference	http://support.novell.com/security/cve/CVE-2014-6277.html
Added	Reference	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
Added	Reference	http://www.novell.com/support/kb/doc.php?id=7015721
Added	Reference	http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
Added	Reference	http://www.qnap.com/i/en/support/con_show.php?cid=61
Added	Reference	http://www.ubuntu.com/usn/USN-2380-1
Added	Reference	http://www.vmware.com/security/advisories/VMSA-2014-0010.html
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21685541
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21685604
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21685733
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21685749
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21685914
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21686131
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21686246
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21686445
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21686479
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21686494
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=swg21687079
Added	Reference	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
Added	Reference	https://kb.bluecoat.com/index?page=content&id=SA82
Added	Reference	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
Added	Reference	https://kc.mcafee.com/corporate/index?page=content&id=SB10085
Added	Reference	https://support.apple.com/HT205267
Added	Reference	https://support.citrix.com/article/CTX200217
Added	Reference	https://support.citrix.com/article/CTX200223
Added	Reference	https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
Added	Reference	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
Added	Reference	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
Added	Reference	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
Added	Reference	https://www.suse.com/support/shellshock/

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CVE Modified by [email protected]

Aug. 09, 2018

Action	Type	Old Value	New Value
Added	Reference		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 [No Types Assigned]
Added	Reference		https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 [No Types Assigned]

CVE Modified by [email protected]

Jan. 03, 2017

Action	Type	Old Value	New Value
Added	Reference		https://kc.mcafee.com/corporate/index?page=content&id=SB10085 [No Types Assigned]

CVE Modified by [email protected]

Oct. 10, 2015

Action	Type	Old Value	New Value
Added	Reference		http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
Added	Reference		https://support.apple.com/HT205267

CVE Modified by [email protected]

May. 12, 2015

Action	Type	Old Value	New Value
Added	Reference		http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

CVE Modified by [email protected]

Mar. 27, 2015

Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=142721162228379&w=2

CVE Modified by [email protected]

Mar. 18, 2015

Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=142118135300698&w=2

CVE Modified by [email protected]

Mar. 12, 2015

Action	Type	New Value
Added	Reference	http://marc.info/?l=bugtraq&m=142358026505815&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142358078406056&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=142289270617409&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141879528318582&w=2

CVE Modified by [email protected]

Jan. 31, 2015

Action	Type	Old Value	New Value
Added	Reference		http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
Added	Reference		http://support.apple.com/HT204244

CVE Modified by [email protected]

Dec. 24, 2014

Action	Type	New Value
Added	Reference	http://secunia.com/advisories/62312
Added	Reference	http://secunia.com/advisories/59961
Added	Reference	http://secunia.com/advisories/62343
Added	Reference	http://linux.oracle.com/errata/ELSA-2014-3093
Added	Reference	http://linux.oracle.com/errata/ELSA-2014-3094

CVE Modified by [email protected]

Nov. 20, 2014

Action	Type	New Value
Added	Reference	http://marc.info/?l=bugtraq&m=141577137423233&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141577241923505&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141576728022234&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141577297623641&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=141585637922673&w=2

CVE Modified by [email protected]

Nov. 14, 2014

Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=141383465822787&w=2

Initial Analysis by [email protected]

Sep. 29, 2014

Action	Type	Old Value	New Value

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2014-6277

Apache HTTP Server Bash Environment Variable Injection Vulnerability

Description

INFO

Sept. 27, 2014, 10:55 p.m.

April 12, 2025, 10:46 a.m.

Yes !

Affected Products

CVSS Scores

Solution

Public PoC/Exploit Available at Github

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 10

Exploit Prediction

86.46 }} 3.36%

0.99368

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable