It's a good thing we are naming all of our vulnerabilities now; it's easier to keep track of them. I haven't seen an official designation for CVE-2014-6271, but Shellshock seems appropriate. This ...
Jeff,
You say "At this point, we do not believe the traffic passing interfaces of a BIG-IP can be exploited."; Does this apply to the APM module as well given that those provide web services and serve web content through it's service interface ?