Bash Shellshock Mitigation Using ASM Signatures

Update: The signature mentioned in this article have been released as part of an Attack Signature Update. You may head to https://downloads.f5.com to download the file manually, or use the automatic...
Updated Jun 23, 2022
Version 2.0
ASM Advanced WAF
cve-2014-6271
cve-2014-6277
cve-2014-7169
mitigation
security
shellshock
signature
Avalanchee's avatar
Avalanchee
Icon for Nimbostratus rankNimbostratus
Oct 06, 2014
Hi Jonathan, This signature shouldn't appear in the generic signature set, as this one contains only generally applicable signatures. For example, you will find cross-site scripting, SQL injection (common syntax) and malicious user-agent signatures in that set. The Shellshock signature only applies to the Unix/Linux operating system. Therefore you should create a new signature set with the Unix/Linux system and apply it to the relevant policies. This way you will be protected against Shellshock, as well as other attacks that target this operating system.