Forum Discussion
Craig_C_
Nimbostratus
NimbostratusHas anyone written an iRule to filter CVE-2014-6271?
CVE-2014-6271 was made public today, potentially wreaking havoc on apache/bash. Has anyone written an iRule to filter this vulnerability from HTTP GET requests?
This works for me:
curl http://192.168.1.59 -H " User-Agent: () { :;}; echo "Result is:
Rule /Common/bash_vul : Detected CVE-2014-6271 attack from 192.168.1.133
Rule /Common/bash_vul : GET / HTTP/1.1 Host: 192.168.1.59 Accept: */* User-Agent: () {
This also works:
curl http://192.168.1.59 -H " User-Agent: () { :;}; echo "Result:
Rule /Common/bash_vul : Detected CVE-2014-6271 attack from 192.168.1.133
Rule /Common/bash_vul : GET / HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3 libidn/0.6.5 Host: 192.168.1.59 Accept: */* User-Agent: () { :;}; echo
