Inside Shellshock: How hackers are using it to exploit systems

The Shellshock bug was discovered in September 2014, causing a scramble to patch vulnerable versions of bash on computers, servers, routers, and other computing appliances. CloudFlare rolled out protection for its Pro, Business, and Enterprise customers through their Web Application Firewall (WAF), later extending it to Free plan customers as well. The Shellshock problem is an example of an arbitrary code execution (ACE) vulnerability that allows hackers to take control of another computer without requiring specialized knowledge. It has been exploited worldwide for various malicious activities, including reconnaissance, denial-of-service attacks, and taking direct control of servers.