CVE-2014-6271 (BASH) vulnerability

Question

are the f5 firepass vulnerable to the CVE-2014-6271 (BASH) vulnerability &nbsp;

gary_zhu · Answer

I am not sure the firepass, but if the target server is running the version of BASH, (not yet fully patched), yes, F5 LTM will pass through, I just tested it.
I have put in below iRule to block these types of requests, however, this is just for User-Agent check, there is no way to check for all headers. And this is very specific to this attack and variants of this attack.
Any suggestion to improve below iRule is welcome, put contains first thinking it might be faster:
when HTTP_REQUEST {
  if { [string tolower [HTTP::header value User-Agent]] contains "echo" } {
    if { [string tolower [HTTP::header value User-Agent]] matches_regex ".*echo.*echo.*" } {
        log local0. "Bad request from [IP::client_addr] with User agent [HTTP::header value User-Agent]"
        HTTP::respond 403 content "What the f..." noserver 
    } elseif { [string tolower [HTTP::header value User-Agent]] matches_regex ".*;.*;.*;.*" } {
    log local0. "Bad request from [IP::client_addr] with User agent [HTTP::header value User-Agent]"
    HTTP::respond 403 content "What the f..." noserver 
}
  } 
}

Forum Discussion

CVE-2014-6271 (BASH) vulnerability

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Any way to cache HEAD request

iRule Pool member(s) offline or disabled

Restful API call takes too long

About f5 access scheme additional functionality

Related Content

CVE-2014-6271 Shellshocked

Vulnérabilité Shellshock - CVE-2014-6271 et CVE-2014-7169

Using bash and tmsh to make bulk updates

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS