CVE-2014-6271 [Exploited] | Gnu BASH Command Injection

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

EDB-ID	Source	Kind	Published	Link
42938	exploit_db	edb	2017-10-02	Exploit-DB ↗
40938	exploit_db	edb	2016-12-18	Exploit-DB ↗
40619	exploit_db	edb	2016-10-21	Exploit-DB ↗
39918	exploit_db	edb	2016-06-10	Exploit-DB ↗
38849	exploit_db	edb	2015-12-02	Exploit-DB ↗
37816	exploit_db	edb	2015-08-18	Exploit-DB ↗
36609	exploit_db	edb	2015-04-02	Exploit-DB ↗
36504	exploit_db	edb	2015-03-26	Exploit-DB ↗
36503	exploit_db	edb	2015-03-26	Exploit-DB ↗
35146	exploit_db	edb	2014-11-03	Exploit-DB ↗
35115	exploit_db	edb	2014-10-29	Exploit-DB ↗
34896	exploit_db	edb	2014-10-06	Exploit-DB ↗
34900	exploit_db	edb	2014-10-06	Exploit-DB ↗
34895	exploit_db	edb	2014-10-06	Exploit-DB ↗
34879	exploit_db	edb	2014-10-04	Exploit-DB ↗
34862	exploit_db	edb	2014-10-02	Exploit-DB ↗
34860	exploit_db	edb	2014-10-02	Exploit-DB ↗
34839	exploit_db	edb	2014-10-01	Exploit-DB ↗
34765	exploit_db	edb	2014-09-25	Exploit-DB ↗
34766	exploit_db	edb	2014-09-25	Exploit-DB ↗
34777	exploit_db	edb	2014-09-25	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

42938

exploit_db

edb

2017-10-02

Exploit-DB ↗

40938

exploit_db

edb

2016-12-18

Exploit-DB ↗

40619

exploit_db

edb

2016-10-21

Exploit-DB ↗

39918

exploit_db

edb

2016-06-10

Exploit-DB ↗

38849

exploit_db

edb

2015-12-02

Exploit-DB ↗

37816

exploit_db

edb

2015-08-18

Exploit-DB ↗

36609

exploit_db

edb

2015-04-02

Exploit-DB ↗

36504

exploit_db

edb

2015-03-26

Exploit-DB ↗

36503

exploit_db

edb

2015-03-26

Exploit-DB ↗

35146

exploit_db

edb

2014-11-03

Exploit-DB ↗

35115

exploit_db

edb

2014-10-29

Exploit-DB ↗

34896

exploit_db

edb

2014-10-06

Exploit-DB ↗

34900

exploit_db

edb

2014-10-06

Exploit-DB ↗

34895

exploit_db

edb

2014-10-06

Exploit-DB ↗

34879

exploit_db

edb

2014-10-04

Exploit-DB ↗

34862

exploit_db

edb

2014-10-02

Exploit-DB ↗

34860

exploit_db

edb

2014-10-02

Exploit-DB ↗

34839

exploit_db

edb

2014-10-01

Exploit-DB ↗

34765

exploit_db

edb

2014-09-25

Exploit-DB ↗

34766

exploit_db

edb

2014-09-25

Exploit-DB ↗

34777

exploit_db

edb

2014-09-25

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-03-29	94.14%	94.22%	+0.08%
2	2026-03-16	94.22%	94.14%	-0.08%
3	2025-09-04	—	94.22%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-03-29

94.14%

94.22%

+0.08%

2026-03-16

94.22%

94.14%

-0.08%

2025-09-04

—

94.22%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.8	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	5.9	[email protected]
9.8	3.1	CRITICAL	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.8

3.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.9

5.9

[email protected]

9.8

3.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

3.9

5.9

134c704f-9b21-4f2e-91b3-4a467353bcc0

10.0

2.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

[email protected]

OS Trackers for CVE-2014-6271

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2014-6271 not yet assigned priority: Debian including 1 source packages (bash), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2014-6271
`gentoo`	high	CVE-2014-6271: 1 GLSA(s) (201409-09), 1 atom(s) (app-shells/bash); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2014-6271
`redhat`	critical	—	https://access.redhat.com/security/cve/CVE-2014-6271
`suse`	high	CVE-2014-6271 severity important: SUSE including 122 source package names (Containment-Studio-SLE11_SP1-4.85.108-20141006120850, Containment-Studio-SLE11_SP3-5.04.108-20141006122525, …), 270 product×package rows across 60 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (60 product lines)): Fixed 195, Known Not Affected 75.	https://www.suse.com/security/cve/CVE-2014-6271/
`ubuntu`	high	CVE-2014-6271 high priority: Ubuntu including 1 source packages (bash), 4 status rows across 4 suites (lucid, precise, trusty, upstream): released 3, needs-triage 1.	https://ubuntu.com/security/CVE-2014-6271

Affected software / configurations for CVE-2014-6271

Vendor	Product	Version	Raw CPE
gnu	bash	<= 4.3	cpe:2.3:a:gnu:bash::::::::
arista	eos	>= 4.9.0, < 4.9.12	cpe:2.3:o:arista:eos::::::::
arista	eos	>= 4.10.0, < 4.10.9	cpe:2.3:o:arista:eos::::::::
arista	eos	>= 4.11.0, < 4.11.11	cpe:2.3:o:arista:eos::::::::
arista	eos	>= 4.12.0, < 4.12.9	cpe:2.3:o:arista:eos::::::::
arista	eos	>= 4.13.0, < 4.13.9	cpe:2.3:o:arista:eos::::::::
arista	eos	>= 4.14.0, < 4.14.4f	cpe:2.3:o:arista:eos::::::::
oracle	linux	4	cpe:2.3:o:oracle:linux:4:::::::*
oracle	linux	5	cpe:2.3:o:oracle:linux:5:-::::::
oracle	linux	6	cpe:2.3:o:oracle:linux:6:-::::::
qnap	qts	< 4.1.1	cpe:2.3:o:qnap:qts::::::::
qnap	qts	4.1.1	cpe:2.3:o:qnap:qts:4.1.1:-::::::
qnap	qts	4.1.1	cpe:2.3:o:qnap:qts:4.1.1:build_0927::::::
mageia	mageia	3.0	cpe:2.3:o:mageia:mageia:3.0:::::::*
mageia	mageia	4.0	cpe:2.3:o:mageia:mageia:4.0:::::::*
redhat	gluster_storage_server_for_on-premise	2.1	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.1:::::::*
redhat	virtualization	3.4	cpe:2.3:a:redhat:virtualization:3.4:::::::*
redhat	enterprise_linux	4.0	cpe:2.3:o:redhat:enterprise_linux:4.0:::::::*
redhat	enterprise_linux	5.0	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_eus	5.9	cpe:2.3:o:redhat:enterprise_linux_eus:5.9:::::::*
redhat	enterprise_linux_eus	6.4	cpe:2.3:o:redhat:enterprise_linux_eus:6.4:::::::*
redhat	enterprise_linux_eus	6.5	cpe:2.3:o:redhat:enterprise_linux_eus:6.5:::::::*
redhat	enterprise_linux_eus	7.3	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
redhat	enterprise_linux_eus	7.4	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
redhat	enterprise_linux_eus	7.5	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
redhat	enterprise_linux_eus	7.6	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
redhat	enterprise_linux_eus	7.7	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
redhat	enterprise_linux_for_ibm_z_systems	5.9_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.9_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	6.4_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.4_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	6.5_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.5_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.3_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.3_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.4_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.4_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.5_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.5_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.6_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.6_s390x:::::::*
redhat	enterprise_linux_for_ibm_z_systems	7.7_s390x	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.7_s390x:::::::*
redhat	enterprise_linux_for_power_big_endian	5.0_ppc	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0_ppc:::::::*
redhat	enterprise_linux_for_power_big_endian	5.9_ppc	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.9_ppc:::::::*
redhat	enterprise_linux_for_power_big_endian	6.0_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian	6.4_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.4_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian	7.0_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	6.5_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.5_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	7.3_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	7.4_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	7.5_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	7.6_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
redhat	enterprise_linux_for_power_big_endian_eus	7.7_ppc64	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
redhat	enterprise_linux_for_scientific_computing	6.0	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
redhat	enterprise_linux_for_scientific_computing	7.0	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
redhat	enterprise_linux_server	5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server	7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
redhat	enterprise_linux_server_aus	5.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:::::::*
redhat	enterprise_linux_server_aus	5.9	cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:::::::*
redhat	enterprise_linux_server_aus	6.2	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:::::::*
redhat	enterprise_linux_server_aus	6.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:::::::*
redhat	enterprise_linux_server_aus	6.5	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*
redhat	enterprise_linux_server_aus	7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
redhat	enterprise_linux_server_aus	7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
redhat	enterprise_linux_server_aus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
redhat	enterprise_linux_server_aus	7.7	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
redhat	enterprise_linux_server_from_rhui	5.0	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*
redhat	enterprise_linux_server_from_rhui	6.0	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
redhat	enterprise_linux_server_from_rhui	7.0	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
redhat	enterprise_linux_server_tus	6.5	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:::::::*
redhat	enterprise_linux_server_tus	7.3	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
redhat	enterprise_linux_server_tus	7.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
redhat	enterprise_linux_server_tus	7.7	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
redhat	enterprise_linux_workstation	5.0	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
redhat	enterprise_linux_workstation	6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
redhat	enterprise_linux_workstation	7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
suse	studio_onsite	1.3	cpe:2.3:a:suse:studio_onsite:1.3:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::

References for CVE-2014-6271

URL	Tags
http://advisories.mageia.org/MGASA-2014-0388.html	Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Broken Link Third Party Advisory
http://jvn.jp/en/jp/JVN55667175/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126	Third Party Advisory VDB Entry Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673	Third Party Advisory
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html	Exploit Issue Tracking Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1293.html	Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1294.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141216207813411&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141216668515282&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141235957116749&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141319209015420&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141330425327438&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141330468527613&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141345648114150&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383026420882&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383081521087&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383138121313&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383196021590&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383244821813&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383304022067&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383353622268&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141383465822787&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141450491804793&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141576728022234&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141577137423233&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141577241923505&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141577297623641&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141585637922673&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141694386919794&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141879528318582&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142113462216480&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142118135300698&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142358026505815&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142358078406056&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142546741516006&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142719845423222&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142721162228379&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142805027510172&w=2	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/128573/Apache-mod_cgi-Remote-Command-Execution.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/137376/IPFire-Bash-Environment-Variable-Injection-Shellshock.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/161107/SonicWall-SSL-VPN-Shellshock-Remote-Code-Execution.html	Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2014-1293.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1294.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1295.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1354.html	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Oct/0	Mailing List Third Party Advisory
http://secunia.com/advisories/58200	Broken Link Third Party Advisory
http://secunia.com/advisories/59272	Broken Link Third Party Advisory
http://secunia.com/advisories/59737	Broken Link Third Party Advisory
http://secunia.com/advisories/59907	Broken Link Third Party Advisory
http://secunia.com/advisories/60024	Broken Link Third Party Advisory
http://secunia.com/advisories/60034	Broken Link Third Party Advisory
http://secunia.com/advisories/60044	Broken Link Third Party Advisory
http://secunia.com/advisories/60055	Broken Link Third Party Advisory
http://secunia.com/advisories/60063	Broken Link Third Party Advisory
http://secunia.com/advisories/60193	Broken Link Third Party Advisory
http://secunia.com/advisories/60325	Broken Link Third Party Advisory
http://secunia.com/advisories/60433	Broken Link Third Party Advisory
http://secunia.com/advisories/60947	Broken Link Third Party Advisory
http://secunia.com/advisories/61065	Broken Link Third Party Advisory
http://secunia.com/advisories/61128	Broken Link Third Party Advisory
http://secunia.com/advisories/61129	Broken Link Third Party Advisory
http://secunia.com/advisories/61188	Broken Link Third Party Advisory
http://secunia.com/advisories/61283	Broken Link Third Party Advisory
http://secunia.com/advisories/61287	Broken Link Third Party Advisory
http://secunia.com/advisories/61291	Broken Link Third Party Advisory
http://secunia.com/advisories/61312	Broken Link Third Party Advisory
http://secunia.com/advisories/61313	Broken Link Third Party Advisory
http://secunia.com/advisories/61328	Broken Link Third Party Advisory
http://secunia.com/advisories/61442	Broken Link Third Party Advisory
http://secunia.com/advisories/61471	Broken Link Third Party Advisory
http://secunia.com/advisories/61485	Broken Link Third Party Advisory
http://secunia.com/advisories/61503	Broken Link Third Party Advisory
http://secunia.com/advisories/61542	Broken Link Third Party Advisory
http://secunia.com/advisories/61547	Broken Link Third Party Advisory
http://secunia.com/advisories/61550	Broken Link Third Party Advisory
http://secunia.com/advisories/61552	Broken Link Third Party Advisory
http://secunia.com/advisories/61565	Broken Link Third Party Advisory
http://secunia.com/advisories/61603	Broken Link Third Party Advisory
http://secunia.com/advisories/61633	Broken Link Third Party Advisory
http://secunia.com/advisories/61641	Broken Link Third Party Advisory
http://secunia.com/advisories/61643	Broken Link Third Party Advisory
http://secunia.com/advisories/61654	Broken Link Third Party Advisory
http://secunia.com/advisories/61676	Broken Link Third Party Advisory
http://secunia.com/advisories/61700	Broken Link Third Party Advisory
http://secunia.com/advisories/61703	Broken Link Third Party Advisory
http://secunia.com/advisories/61711	Broken Link Third Party Advisory
http://secunia.com/advisories/61715	Broken Link Third Party Advisory
http://secunia.com/advisories/61780	Broken Link Third Party Advisory
http://secunia.com/advisories/61816	Broken Link Third Party Advisory
http://secunia.com/advisories/61855	Broken Link Third Party Advisory
http://secunia.com/advisories/61857	Broken Link Third Party Advisory
http://secunia.com/advisories/61873	Broken Link Third Party Advisory
http://secunia.com/advisories/62228	Broken Link Third Party Advisory
http://secunia.com/advisories/62312	Broken Link Third Party Advisory
http://secunia.com/advisories/62343	Broken Link Third Party Advisory
http://support.apple.com/kb/HT6495	Third Party Advisory
http://support.novell.com/security/cve/CVE-2014-6271.html	Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685541	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685604	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685733	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685749	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21685914	Broken Link Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686084	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686131	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686246	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686445	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686447	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686479	Broken Link Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686494	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687079	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315	Broken Link Third Party Advisory
http://www.debian.org/security/2014/dsa-3032	Mailing List Third Party Advisory
http://www.kb.cert.org/vuls/id/252743	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164	Broken Link Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015701	Third Party Advisory
http://www.novell.com/support/kb/doc.php?id=7015721	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html	Third Party Advisory
http://www.qnap.com/i/en/support/con_show.php?cid=61	Third Party Advisory
http://www.securityfocus.com/archive/1/533593/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/70103	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2362-1	Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-268A	Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0010.html	Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Broken Link Third Party Advisory
https://access.redhat.com/articles/1200223	Exploit Third Party Advisory
https://access.redhat.com/node/1200223	Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1141597	Issue Tracking Patch
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes	Broken Link Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA82	Broken Link Third Party Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10085	Broken Link Third Party Advisory
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/	Exploit Third Party Advisory
https://support.apple.com/kb/HT6535	Third Party Advisory
https://support.citrix.com/article/CTX200217	Third Party Advisory
https://support.citrix.com/article/CTX200223	Permissions Required
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183	Broken Link Third Party Advisory
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006	Third Party Advisory
https://www.exploit-db.com/exploits/34879/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/37816/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/38849/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/39918/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/40619/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/40938/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/42938/	Exploit Third Party Advisory VDB Entry
https://www.suse.com/support/shellshock/	Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6271	US Government Resource

URL

CVE-2014-6271

CISA KEV Record for CVE-2014-6271

Public exploit references (Exploit-DB) for CVE-2014-6271

Exploit prediction scoring system (EPSS) score for CVE-2014-6271

Common vulnerability scoring system (CVSS) metrics for CVE-2014-6271

Weakness enumeration for CVE-2014-6271

OS Trackers for CVE-2014-6271

Affected software / configurations for CVE-2014-6271

References for CVE-2014-6271