{"api_version":"1","generated_at":"2026-04-23T11:22:35+00:00","cve":"CVE-2014-6278","urls":{"html":"https://cve.report/CVE-2014-6278","api":"https://cve.report/api/cve/CVE-2014-6278.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-6278","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-6278"},"summary":{"title":"CVE-2014-6278","description":"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.","state":"PUBLISHED","assigner":"debian","published_at":"2014-09-30 10:55:04","updated_at":"2026-04-22 16:07:15"},"problem_types":["CWE-78","n/a","CWE-78 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html","name":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"lcamtuf's blog: Bash bug: the other two RCEs, or how we chipped away at the original fix (CVE-2014-6277 and '78)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect Virtual Server Protection for VMware (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://kb.bluecoat.com/index?page=content&id=SA82","name":"https://kb.bluecoat.com/index?page=content&id=SA82","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"GNU Bash Shellshock command injection vulnerabilities | Blue Coat Systems, Inc.","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts","name":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Check Point Response to CVE-2014-6271 and CVE-2014-7169 Bash Code Injection vulnerability","mime":"application/octet-stream","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","name":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), ' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2380-1","name":"http://www.ubuntu.com/usn/USN-2380-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-2380-1: Bash vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61128","name":"http://secunia.com/advisories/61128","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2","name":"http://marc.info/?l=bugtraq&m=141879528318582&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Cod' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61313","name":"http://secunia.com/advisories/61313","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61287","name":"http://secunia.com/advisories/61287","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX200217","name":"https://support.citrix.com/article/CTX200217","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Citrix Security Advisory for GNU Bash Shellshock Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61643","name":"http://secunia.com/advisories/61643","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62312","name":"http://secunia.com/advisories/62312","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2","name":"http://marc.info/?l=bugtraq&m=141383081521087&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03144 rev.1 - HP Operation Agent Virtual Appliance, Bash Shell, Remote Cod' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61283","name":"http://secunia.com/advisories/61283","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61552","name":"http://secunia.com/advisories/61552","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272","name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: UPDATE: Vulnerabilities in Bash affect AIX Toolbox for Linux Applications  (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2","name":"http://marc.info/?l=bugtraq&m=142721162228379&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03220 rev.1 - HP Shunra Network Appliance / HP Shunra Wildcat Appliance, R' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2","name":"http://marc.info/?l=bugtraq&m=141577297623641&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html","name":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"CA Technologies GNU Bash Shellshock ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://linux.oracle.com/errata/ELSA-2014-3094","name":"http://linux.oracle.com/errata/ELSA-2014-3094","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.exploit-db.com/exploits/39887/","name":"https://www.exploit-db.com/exploits/39887/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648","name":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Juniper Networks - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash   - Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM Workload Deployer  (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61603","name":"http://secunia.com/advisories/61603","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.qnap.com/i/en/support/con_show.php?cid=61","name":"http://www.qnap.com/i/en/support/con_show.php?cid=61","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"QNAP Systems, Inc. - Network Attached Storage (NAS)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM PureData System for Operational Analytics (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 7600, 7700 and 7710 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61291","name":"http://secunia.com/advisories/61291","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279","name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61442","name":"http://secunia.com/advisories/61442","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/59907","name":"http://secunia.com/advisories/59907","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://jvn.jp/en/jp/JVN55667175/index.html","name":"http://jvn.jp/en/jp/JVN55667175/index.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"JVN#55667175: QNAP QTS vulnerable to OS command injection","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/62343","name":"http://secunia.com/advisories/62343","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM Smart Analytics System 5600 (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61065","name":"http://secunia.com/advisories/61065","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect QRadar SIEM, QRadar Vulnerability Manager, QRadar Risk Manager, and QRadar Incident Forensics (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2","name":"http://marc.info/?l=bugtraq&m=141383244821813&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60325","name":"http://secunia.com/advisories/60325","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support / Security / Advisories /  / MDVSA-2015:164 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2","name":"http://marc.info/?l=bugtraq&m=141345648114150&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remot' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61816","name":"http://secunia.com/advisories/61816","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61485","name":"http://secunia.com/advisories/61485","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60034","name":"http://secunia.com/advisories/60034","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898","name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM System Storage Storwize V7000 Unified (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2","name":"http://marc.info/?l=bugtraq&m=141585637922673&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Executi' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897","name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect SAN Volume Controller and Storwize Family (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2","name":"http://marc.info/?l=bugtraq&m=141577137423233&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61503","name":"http://secunia.com/advisories/61503","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60433","name":"http://secunia.com/advisories/60433","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2","name":"http://marc.info/?l=bugtraq&m=141383196021590&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote ' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security-tracker.debian.org/tracker/CVE-2014-6278","name":"https://security-tracker.debian.org/tracker/CVE-2014-6278","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"CVE-2014-6278","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126","name":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://support.novell.com/security/cve/CVE-2014-6278.html","name":"http://support.novell.com/security/cve/CVE-2014-6278.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"CVE-2014-6278","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"McAfee KnowledgeBase - McAfee Security Bulletin - Bash Shellshock Code Injection Exploit Updates for CVE-2014-6271 and CVE-2014-7169","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2","name":"http://marc.info/?l=bugtraq&m=141330468527613&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Exec' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60024","name":"http://secunia.com/advisories/60024","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/58200","name":"http://secunia.com/advisories/58200","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61780","name":"http://secunia.com/advisories/61780","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315","name":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Support","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"http://secunia.com/advisories/61565","name":"http://secunia.com/advisories/61565","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html","name":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Sun Secure Global Desktop / Oracle Global Desktop Shellshock ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html","name":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"[security-announce] SUSE-SU-2014:1287-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2","name":"http://marc.info/?l=bugtraq&m=141576728022234&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote ' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61129","name":"http://secunia.com/advisories/61129","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61312","name":"http://secunia.com/advisories/61312","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.suse.com/support/shellshock/","name":"https://www.suse.com/support/shellshock/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ShellShock 101 - What you need to know and do, to ensure your systems are secure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2","name":"http://marc.info/?l=bugtraq&m=142358026505815&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/59961","name":"http://secunia.com/advisories/59961","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Security Advisory SA59961 - Oracle Linux update for bash - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361","name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271,\nCVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915","name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: IBM Real-time Compression Appliance is exposed to the following Bash vulnerabilities:  CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278 - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6278","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6278","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183","name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"HPE Support document - HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect Proventia Network Enterprise Scanner (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879","name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect DS8000\n HMC (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61654","name":"http://secunia.com/advisories/61654","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2","name":"http://marc.info/?l=bugtraq&m=141450491804793&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Librar' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM PureApplication System  (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61703","name":"http://secunia.com/advisories/61703","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006","name":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Arista - Security Advisory 0006","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html","name":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Security Alert CVE-2014-7169","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075","name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"HPE Support document - HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60044","name":"http://secunia.com/advisories/60044","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61633","name":"http://secunia.com/advisories/61633","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60055","name":"http://secunia.com/advisories/60055","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61328","name":"http://secunia.com/advisories/61328","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://support.citrix.com/article/CTX200223","name":"https://support.citrix.com/article/CTX200223","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Citrix XenServer Shellshock Security Update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2","name":"http://marc.info/?l=bugtraq&m=141383304022067&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBGN03141 rev.1 - HP Automation Insight running Bash Shell, Remote Code Execut' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM Security Access Manager for Mobile and IBM Security Access Manager for Web (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61550","name":"http://secunia.com/advisories/61550","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html","name":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"lcamtuf's blog: Bash bug: apply Florian's patch now (CVE-2014-6277 and CVE-2014-6278)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html","name":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"VMSA-2014-0010.13 | United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/39568/","name":"https://www.exploit-db.com/exploits/39568/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Cisco UCS Manager 2.11b - Remote Exploit Shellshock","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2","name":"http://marc.info/?l=bugtraq&m=142358078406056&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-b' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html","name":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"SOL15629 - Multiple GNU Bash vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61471","name":"http://secunia.com/advisories/61471","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Bug 1147414 – CVE-2014-6278 bash: code execution via specially crafted environment variables","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2","name":"http://marc.info/?l=bugtraq&m=141383353622268&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, R' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2","name":"http://marc.info/?l=bugtraq&m=141577241923505&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote ' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2","name":"http://marc.info/?l=bugtraq&m=141383026420882&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBMU03143 rev.1 - HP Virtualization Performance Viewer, Bash Shell, Remote Cod' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/support/kb/doc.php?id=7015721","name":"http://www.novell.com/support/kb/doc.php?id=7015721","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Support | ZENworks Configuration Management vulnerability with GNU Bash Remote Code Execution (aka ShellShock)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60063","name":"http://secunia.com/advisories/60063","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61857","name":"http://secunia.com/advisories/61857","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/61641","name":"http://secunia.com/advisories/61641","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://linux.oracle.com/errata/ELSA-2014-3093","name":"http://linux.oracle.com/errata/ELSA-2014-3093","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://secunia.com/advisories/60193","name":"http://secunia.com/advisories/60193","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"About Secunia Research | Flexera","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html","name":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"],"title":"openSUSE-SU-2014:1310-1: moderate: update for bash","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604","name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"IBM Security Bulletin: Vulnerabilities in Bash and GNU C Library affect WebSphere Transformation Extender (WTX) with Launcher Hypervisor Edition (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-5119, CVE-2014-7186, CVE-2014-7187) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash","name":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"GNU Bash Environment Variable Command Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2","name":"http://marc.info/?l=bugtraq&m=141383465822787&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"'[security bulletin] HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-6278","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6278","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"1.14.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.01.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.02.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.05","cpe7":"a","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"2.05","cpe7":"b","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"3.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"3.2.48","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"4.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"6278","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"bash","cpe6":"4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2014","cve_id":"6278","cve":"CVE-2014-6278","vendorProject":"GNU","product":"GNU Bash","vulnerabilityName":"GNU Bash OS Command Injection Vulnerability","dateAdded":"2025-10-02","shortDescription":"GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment.","requiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. ","dueDate":"2025-10-23","knownRansomwareCampaignUse":"Unknown","notes":"This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 ; https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash ; https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https://nvd.nist.gov/vuln/detail/CVE-2014-6278","cwes":"CWE-78","catalogVersion":"2026.04.22","updated_at":"2026-04-22 20:03:10"},"epss":{"cve_year":"2014","cve_id":"6278","cve":"CVE-2014-6278","epss":"0.901050000","percentile":"0.995890000","score_date":"2026-04-22","updated_at":"2026-04-23 00:03:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T12:10:13.322Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749"},{"name":"HPSBMU03165","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://linux.oracle.com/errata/ELSA-2014-3093"},{"name":"SSRT101819","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"HPSBMU03245","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479"},{"name":"JVN#55667175","tags":["third-party-advisory","x_refsource_JVN","x_transferred"],"url":"http://jvn.jp/en/jp/JVN55667175/index.html"},{"name":"60433","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60433"},{"name":"HPSBMU03143","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2"},{"name":"HPSBMU03182","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html"},{"name":"HPSBST03155","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"},{"name":"61816","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61816"},{"name":"openSUSE-SU-2014:1310","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"},{"name":"61442","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61442"},{"name":"HPSBMU03246","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2"},{"name":"61283","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61283"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085"},{"name":"61654","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61654"},{"name":"USN-2380-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2380-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"},{"name":"62312","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/62312"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"},{"name":"HPSBMU03217","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security-tracker.debian.org/tracker/CVE-2014-6278"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604"},{"name":"SSRT101868","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"61703","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61703"},{"name":"61065","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61065"},{"name":"HPSBST03129","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2"},{"name":"HPSBMU03144","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131"},{"name":"JVNDB-2014-000126","tags":["third-party-advisory","x_refsource_JVNDB","x_transferred"],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126"},{"name":"SSRT101827","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"name":"61641","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61641"},{"name":"39887","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/39887/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648"},{"name":"SUSE-SU-2014:1287","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914"},{"name":"MDVSA-2015:164","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075"},{"name":"HPSBMU03220","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"60325","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60325"},{"name":"60024","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60024"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"},{"name":"20140926 GNU Bash Environment Variable Command Injection Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414"},{"name":"62343","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/62343"},{"name":"61565","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61565"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.suse.com/support/shellshock/"},{"name":"HPSBST03157","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2"},{"name":"61313","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61313"},{"name":"SSRT101742","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"name":"61485","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61485"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183"},{"name":"HPSBST03154","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"},{"name":"HPSBGN03142","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2"},{"name":"61312","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61312"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://linux.oracle.com/errata/ELSA-2014-3094"},{"name":"60193","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60193"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html"},{"name":"60063","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60063"},{"name":"60034","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60034"},{"name":"59907","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/59907"},{"name":"58200","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/58200"},{"name":"HPSBST03181","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2"},{"name":"61643","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61643"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.novell.com/support/kb/doc.php?id=7015721"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079"},{"name":"61503","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61503"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://support.novell.com/security/cve/CVE-2014-6278.html"},{"name":"HPSBHF03145","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.qnap.com/i/en/support/con_show.php?cid=61"},{"name":"61552","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61552"},{"name":"61780","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61780"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.citrix.com/article/CTX200223"},{"name":"39568","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/39568/"},{"name":"HPSBGN03138","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2"},{"name":"60044","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60044"},{"name":"61291","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61291"},{"name":"HPSBHF03125","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2"},{"name":"61287","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61287"},{"name":"HPSBHF03146","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2"},{"name":"HPSBGN03233","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"SSRT101739","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361"},{"name":"HPSBGN03141","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2"},{"name":"61128","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61128"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.citrix.com/article/CTX200217"},{"name":"61471","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61471"},{"name":"60055","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60055"},{"name":"59961","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/59961"},{"name":"61550","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61550"},{"name":"61633","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61633"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kb.bluecoat.com/index?page=content&id=SA82"},{"name":"61328","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61328"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733"},{"name":"61129","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61129"},{"name":"61603","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61603"},{"name":"61857","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/61857"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2014-6278","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-10-02T03:55:45.174012Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2025-10-02","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6278"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-12-30T20:24:56.789Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6278"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-09-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-11-05T16:38:18.000Z","orgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","shortName":"debian"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749"},{"name":"HPSBMU03165","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts"},{"tags":["x_refsource_CONFIRM"],"url":"http://linux.oracle.com/errata/ELSA-2014-3093"},{"name":"SSRT101819","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"HPSBMU03245","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479"},{"name":"JVN#55667175","tags":["third-party-advisory","x_refsource_JVN"],"url":"http://jvn.jp/en/jp/JVN55667175/index.html"},{"name":"60433","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60433"},{"name":"HPSBMU03143","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2"},{"name":"HPSBMU03182","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html"},{"name":"HPSBST03155","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"},{"name":"61816","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61816"},{"name":"openSUSE-SU-2014:1310","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"},{"name":"61442","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61442"},{"name":"HPSBMU03246","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2"},{"name":"61283","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61283"},{"tags":["x_refsource_CONFIRM"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085"},{"name":"61654","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61654"},{"name":"USN-2380-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2380-1"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"},{"name":"62312","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/62312"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"},{"name":"HPSBMU03217","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"https://security-tracker.debian.org/tracker/CVE-2014-6278"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604"},{"name":"SSRT101868","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"61703","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61703"},{"name":"61065","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61065"},{"name":"HPSBST03129","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2"},{"name":"HPSBMU03144","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131"},{"name":"JVNDB-2014-000126","tags":["third-party-advisory","x_refsource_JVNDB"],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126"},{"name":"SSRT101827","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"name":"61641","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61641"},{"name":"39887","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/39887/"},{"tags":["x_refsource_CONFIRM"],"url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648"},{"name":"SUSE-SU-2014:1287","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914"},{"name":"MDVSA-2015:164","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075"},{"name":"HPSBMU03220","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"60325","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60325"},{"name":"60024","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60024"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html"},{"tags":["x_refsource_MISC"],"url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"},{"name":"20140926 GNU Bash Environment Variable Command Injection Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414"},{"name":"62343","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/62343"},{"name":"61565","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61565"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.suse.com/support/shellshock/"},{"name":"HPSBST03157","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2"},{"name":"61313","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61313"},{"name":"SSRT101742","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"name":"61485","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61485"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183"},{"name":"HPSBST03154","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"},{"name":"HPSBGN03142","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2"},{"name":"61312","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61312"},{"tags":["x_refsource_CONFIRM"],"url":"http://linux.oracle.com/errata/ELSA-2014-3094"},{"name":"60193","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60193"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html"},{"name":"60063","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60063"},{"name":"60034","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60034"},{"name":"59907","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/59907"},{"name":"58200","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/58200"},{"name":"HPSBST03181","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2"},{"name":"61643","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61643"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.novell.com/support/kb/doc.php?id=7015721"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079"},{"name":"61503","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61503"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"},{"tags":["x_refsource_CONFIRM"],"url":"http://support.novell.com/security/cve/CVE-2014-6278.html"},{"name":"HPSBHF03145","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.qnap.com/i/en/support/con_show.php?cid=61"},{"name":"61552","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61552"},{"name":"61780","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61780"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.citrix.com/article/CTX200223"},{"name":"39568","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/39568/"},{"name":"HPSBGN03138","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2"},{"name":"60044","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60044"},{"name":"61291","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61291"},{"name":"HPSBHF03125","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2"},{"name":"61287","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61287"},{"name":"HPSBHF03146","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2"},{"name":"HPSBGN03233","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"SSRT101739","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361"},{"name":"HPSBGN03141","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2"},{"name":"61128","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61128"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.citrix.com/article/CTX200217"},{"name":"61471","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61471"},{"name":"60055","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60055"},{"name":"59961","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/59961"},{"name":"61550","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61550"},{"name":"61633","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61633"},{"tags":["x_refsource_MISC"],"url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494"},{"tags":["x_refsource_CONFIRM"],"url":"https://kb.bluecoat.com/index?page=content&id=SA82"},{"name":"61328","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61328"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733"},{"name":"61129","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61129"},{"name":"61603","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61603"},{"name":"61857","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/61857"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"},{"tags":["x_refsource_MISC"],"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2014-6278","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685749"},{"name":"HPSBMU03165","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141577137423233&w=2"},{"name":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts","refsource":"CONFIRM","url":"https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts"},{"name":"http://linux.oracle.com/errata/ELSA-2014-3093","refsource":"CONFIRM","url":"http://linux.oracle.com/errata/ELSA-2014-3093"},{"name":"SSRT101819","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"HPSBMU03245","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686479"},{"name":"JVN#55667175","refsource":"JVN","url":"http://jvn.jp/en/jp/JVN55667175/index.html"},{"name":"60433","refsource":"SECUNIA","url":"http://secunia.com/advisories/60433"},{"name":"HPSBMU03143","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383026420882&w=2"},{"name":"HPSBMU03182","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141585637922673&w=2"},{"name":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.html"},{"name":"HPSBST03155","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141576728022234&w=2"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685541"},{"name":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html"},{"name":"61816","refsource":"SECUNIA","url":"http://secunia.com/advisories/61816"},{"name":"openSUSE-SU-2014:1310","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html"},{"name":"61442","refsource":"SECUNIA","url":"http://secunia.com/advisories/61442"},{"name":"HPSBMU03246","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142358078406056&w=2"},{"name":"61283","refsource":"SECUNIA","url":"http://secunia.com/advisories/61283"},{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10085"},{"name":"61654","refsource":"SECUNIA","url":"http://secunia.com/advisories/61654"},{"name":"USN-2380-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2380-1"},{"name":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315","refsource":"CONFIRM","url":"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315"},{"name":"62312","refsource":"SECUNIA","url":"http://secunia.com/advisories/62312"},{"name":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html","refsource":"CONFIRM","url":"https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html"},{"name":"HPSBMU03217","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"name":"https://security-tracker.debian.org/tracker/CVE-2014-6278","refsource":"CONFIRM","url":"https://security-tracker.debian.org/tracker/CVE-2014-6278"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685604"},{"name":"SSRT101868","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"61703","refsource":"SECUNIA","url":"http://secunia.com/advisories/61703"},{"name":"61065","refsource":"SECUNIA","url":"http://secunia.com/advisories/61065"},{"name":"HPSBST03129","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383196021590&w=2"},{"name":"HPSBMU03144","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383081521087&w=2"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686445"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686131"},{"name":"JVNDB-2014-000126","refsource":"JVNDB","url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126"},{"name":"SSRT101827","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141879528318582&w=2"},{"name":"61641","refsource":"SECUNIA","url":"http://secunia.com/advisories/61641"},{"name":"39887","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/39887/"},{"name":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648","refsource":"CONFIRM","url":"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648"},{"name":"SUSE-SU-2014:1287","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685914"},{"name":"MDVSA-2015:164","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:164"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075"},{"name":"HPSBMU03220","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142721162228379&w=2"},{"name":"60325","refsource":"SECUNIA","url":"http://secunia.com/advisories/60325"},{"name":"60024","refsource":"SECUNIA","url":"http://secunia.com/advisories/60024"},{"name":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html"},{"name":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html","refsource":"MISC","url":"http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html"},{"name":"20140926 GNU Bash Environment Variable Command Injection Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1147414"},{"name":"62343","refsource":"SECUNIA","url":"http://secunia.com/advisories/62343"},{"name":"61565","refsource":"SECUNIA","url":"http://secunia.com/advisories/61565"},{"name":"https://www.suse.com/support/shellshock/","refsource":"CONFIRM","url":"https://www.suse.com/support/shellshock/"},{"name":"HPSBST03157","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141450491804793&w=2"},{"name":"61313","refsource":"SECUNIA","url":"http://secunia.com/advisories/61313"},{"name":"SSRT101742","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142358026505815&w=2"},{"name":"61485","refsource":"SECUNIA","url":"http://secunia.com/advisories/61485"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183"},{"name":"HPSBST03154","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141577297623641&w=2"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272"},{"name":"HPSBGN03142","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383244821813&w=2"},{"name":"61312","refsource":"SECUNIA","url":"http://secunia.com/advisories/61312"},{"name":"http://linux.oracle.com/errata/ELSA-2014-3094","refsource":"CONFIRM","url":"http://linux.oracle.com/errata/ELSA-2014-3094"},{"name":"60193","refsource":"SECUNIA","url":"http://secunia.com/advisories/60193"},{"name":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html","refsource":"CONFIRM","url":"http://www.vmware.com/security/advisories/VMSA-2014-0010.html"},{"name":"60063","refsource":"SECUNIA","url":"http://secunia.com/advisories/60063"},{"name":"60034","refsource":"SECUNIA","url":"http://secunia.com/advisories/60034"},{"name":"59907","refsource":"SECUNIA","url":"http://secunia.com/advisories/59907"},{"name":"58200","refsource":"SECUNIA","url":"http://secunia.com/advisories/58200"},{"name":"HPSBST03181","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141577241923505&w=2"},{"name":"61643","refsource":"SECUNIA","url":"http://secunia.com/advisories/61643"},{"name":"http://www.novell.com/support/kb/doc.php?id=7015721","refsource":"CONFIRM","url":"http://www.novell.com/support/kb/doc.php?id=7015721"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687079"},{"name":"61503","refsource":"SECUNIA","url":"http://secunia.com/advisories/61503"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686246"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915"},{"name":"http://support.novell.com/security/cve/CVE-2014-6278.html","refsource":"CONFIRM","url":"http://support.novell.com/security/cve/CVE-2014-6278.html"},{"name":"HPSBHF03145","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383465822787&w=2"},{"name":"http://www.qnap.com/i/en/support/con_show.php?cid=61","refsource":"CONFIRM","url":"http://www.qnap.com/i/en/support/con_show.php?cid=61"},{"name":"61552","refsource":"SECUNIA","url":"http://secunia.com/advisories/61552"},{"name":"61780","refsource":"SECUNIA","url":"http://secunia.com/advisories/61780"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279"},{"name":"https://support.citrix.com/article/CTX200223","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX200223"},{"name":"39568","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/39568/"},{"name":"HPSBGN03138","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141330468527613&w=2"},{"name":"60044","refsource":"SECUNIA","url":"http://secunia.com/advisories/60044"},{"name":"61291","refsource":"SECUNIA","url":"http://secunia.com/advisories/61291"},{"name":"HPSBHF03125","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141345648114150&w=2"},{"name":"61287","refsource":"SECUNIA","url":"http://secunia.com/advisories/61287"},{"name":"HPSBHF03146","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383353622268&w=2"},{"name":"HPSBGN03233","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"SSRT101739","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361"},{"name":"HPSBGN03141","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=141383304022067&w=2"},{"name":"61128","refsource":"SECUNIA","url":"http://secunia.com/advisories/61128"},{"name":"https://support.citrix.com/article/CTX200217","refsource":"CONFIRM","url":"https://support.citrix.com/article/CTX200217"},{"name":"61471","refsource":"SECUNIA","url":"http://secunia.com/advisories/61471"},{"name":"60055","refsource":"SECUNIA","url":"http://secunia.com/advisories/60055"},{"name":"59961","refsource":"SECUNIA","url":"http://secunia.com/advisories/59961"},{"name":"61550","refsource":"SECUNIA","url":"http://secunia.com/advisories/61550"},{"name":"61633","refsource":"SECUNIA","url":"http://secunia.com/advisories/61633"},{"name":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html","refsource":"MISC","url":"http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686494"},{"name":"https://kb.bluecoat.com/index?page=content&id=SA82","refsource":"CONFIRM","url":"https://kb.bluecoat.com/index?page=content&id=SA82"},{"name":"61328","refsource":"SECUNIA","url":"http://secunia.com/advisories/61328"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21685733"},{"name":"61129","refsource":"SECUNIA","url":"http://secunia.com/advisories/61129"},{"name":"61603","refsource":"SECUNIA","url":"http://secunia.com/advisories/61603"},{"name":"61857","refsource":"SECUNIA","url":"http://secunia.com/advisories/61857"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879"},{"name":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006","refsource":"MISC","url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006"}]}}}},"cveMetadata":{"assignerOrgId":"79363d38-fa19-49d1-9214-5f28da3f3ac5","assignerShortName":"debian","cveId":"CVE-2014-6278","datePublished":"2014-09-30T10:00:00.000Z","dateReserved":"2014-09-09T00:00:00.000Z","dateUpdated":"2025-12-30T20:24:56.789Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2014-09-30 10:55:04","lastModifiedDate":"2026-04-22 16:07:15","problem_types":["CWE-78","n/a","CWE-78 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*","matchCriteriaId":"FCAC75DF-FFF7-4721-9D47-6E29A5CCB7C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*","matchCriteriaId":"FCF4B4BB-C5A0-4283-9657-FC61BC95C014"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*","matchCriteriaId":"9B04CBBD-E855-48D7-A5C9-AEC2B38FF1F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*","matchCriteriaId":"972BDA0A-25C8-4C02-8624-07D2462C214C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*","matchCriteriaId":"5B9EDE56-A8C4-40A8-9D14-F6E86F464BD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*","matchCriteriaId":"DAB4B8E1-E013-4DB5-AF65-70CC2AEC3B20"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*","matchCriteriaId":"B5428D5A-7443-4BDD-9690-E44DBDBCAC9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*","matchCriteriaId":"18A6E8C3-334D-443B-8AD6-F8A131490F4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*","matchCriteriaId":"5C74DAE6-8A77-47BF-B3ED-D76CD5AD75BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*","matchCriteriaId":"8B631B7E-C59D-444F-80CE-DC2345A56E97"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*","matchCriteriaId":"91C8E637-AD10-4854-AD60-A908D017DDA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*","matchCriteriaId":"75AB7456-89E4-4F40-82D0-EED52CAEE670"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*","matchCriteriaId":"C7E516F7-B6C6-4A0B-90F4-BC0F382E62E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*","matchCriteriaId":"2E37A5D0-79EB-442D-B4B8-49F5137A3FA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*","matchCriteriaId":"AE919509-57B0-4D13-9503-943D5BFED620"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*","matchCriteriaId":"0F027515-A126-4899-B78E-121C8312002F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*","matchCriteriaId":"AC05A483-FAFD-4C40-85BC-D2EE907B2B54"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*","matchCriteriaId":"097C61C9-4761-4D8F-9590-376FC1A5522B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*","matchCriteriaId":"FCA81069-36E0-4035-B31F-A5281E10C760"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*","matchCriteriaId":"BC216C39-2EA0-4B58-87EA-81A737E5D2E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*","matchCriteriaId":"88731DFF-B0B1-4325-A662-287D5E6E7265"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*","matchCriteriaId":"A7BB3ECE-0E83-45EB-AC27-BA29E2C52D1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*","matchCriteriaId":"3FA313D8-2B28-4C73-A96B-7814C37F0725"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*","matchCriteriaId":"43630818-4A62-4766-AADC-AB87BE1C5553"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*","matchCriteriaId":"202B9DB4-80DC-4D1C-8DA8-C06E89FF542A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*","matchCriteriaId":"37CB667F-26C8-46FA-81CE-1F6909AC006D"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*","matchCriteriaId":"755984AB-D061-45F0-8845-D7B78BA506E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*","matchCriteriaId":"BC1DAC9F-711C-47EA-9BBC-0EDB2AF0A1AC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"6278","Ordinal":"1","Title":"CVE-2014-6278","CVE":"CVE-2014-6278","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"6278","Ordinal":"1","NoteData":"GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.","Type":"Description","Title":"CVE-2014-6278"},{"CveYear":"2014","CveId":"6278","Ordinal":"2","NoteData":"2014-09-30","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"6278","Ordinal":"3","NoteData":"2021-11-05","Type":"Other","Title":"Modified"}]}}}