
DETECTION OVERVIEW

Shellshock HTTP Exploit Attempt by a Scanner

Risk Factors

The Shellshock vulnerability is well known and trivial to exploit. Vulnerability scanners can easily identify vulnerable applications. Authorized scans will not damage the application, but unauthorized scans should be investigated.

Kill Chain

Exploitation

Risk Score

41


Attack Background

Shellshock is a remote code execution (RCE) vulnerability in the Bourne-Again shell (Bash) that attackers have been exploiting since 2014. An attacker sends an HTTP request with a Shellshock payload to a vulnerable device. The payload includes code with a syntax similar to () { :;}; <exploit command>. The malicious command runs in Bash and creates a shell. The attacker connects to the shell to remotely run commands on the victim.
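The check described above, sketched as an added example (not RevealX's or the vendor's detection logic): it parses the header block of a raw HTTP request and flags any header value containing the "() {" function-definition prefix. It assumes the payload travels in a header value; the sample requests, host name and function names are constructed for illustration.

```python
import re

# Bash function-definition prefix that opens a Shellshock payload,
# "() {", allowing optional whitespace between the tokens.
SHELLSHOCK_PREFIX = re.compile(r"\(\s*\)\s*\{")

def parse_headers(raw_request):
    """Return [(name, value), ...] from a raw HTTP/1.x request head."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def find_shellshock(raw_request):
    """Return the (header, value) pairs whose value carries the prefix."""
    return [(n, v) for n, v in parse_headers(raw_request)
            if SHELLSHOCK_PREFIX.search(v)]

# Constructed sample requests (not captured traffic). The command part is
# left as the page's own placeholder.
BENIGN = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "\r\n"
)
PROBE = (
    "GET /status HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "User-Agent: () { :;}; <exploit command>\r\n"
    "Referer: ()  {  :; }; <exploit command>\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("probe", PROBE)):
        hits = find_shellshock(request)
        print(label, "->", [name for name, _ in hits] or "clean")
```

Folded header lines are joined before matching, so a prefix split across a continuation line is still flagged, while ordinary parenthesised User-Agent strings are not.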

Mitigation Options

Update Bash to 4.3 or later

MITRE ATT&CK ID
