WAF 330701

From Atomicorp Wiki
Jump to: navigation, search
Rule 330701
Status Active
Alert Message Atomicorp.com WAF Rules: Potential CVE-2014-6271 Bash Attack

Contents

Description

This rules detects when a potential attack is made against a web application, such as a CGI application, to take advantage of the bash shell CVE-2014-6271 vulnerability. The vulnerability allows remote command execution against the system. If you are not sure if you have patched bash to prevent this attack, do not disable this rule.

Troubleshooting

False Positives

It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for basic information if you wish to tune, or disable this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Notes

Personal tools