/plushcap/analysis/cloudflare/inside-shellshock

Inside Shellshock: How hackers are using it to exploit systems

What's this blog post about?

The Shellshock bug was discovered in September 2014, causing a scramble to patch vulnerable versions of bash on computers, servers, routers, and other computing appliances. CloudFlare rolled out protection for its Pro, Business, and Enterprise customers through their Web Application Firewall (WAF), later extending it to Free plan customers as well. The Shellshock problem is an example of an arbitrary code execution (ACE) vulnerability that allows hackers to take control of another computer without requiring specialized knowledge. It has been exploited worldwide for various malicious activities, including reconnaissance, denial-of-service attacks, and taking direct control of servers.

Company
Cloudflare

Date published
Sept. 30, 2014

Author(s)
John Graham-Cumming

Word count
2240

Language
English

Hacker News points
229


By Matt Makai. 2021-2024.