Tag: bash | Qualys Blog

Using Qualys WAS Scan to Detect ShellShock Vulnerability

Posted by Frank Catucci in Qualys Technology on October 2, 2014

Qualys Web Application Scanning (WAS) has added a new detection that will provide the most comprehensive identification of the Shellshock vulnerability across all of your web applications. With the ability to crawl and identify even non-standard directory locations within your web application, Qualys WAS will deliver the most accurate, detailed and reliable form of automated ShellShock detection for web applications. ShellShock is a wide-reaching vulnerability with multiple attack vectors. If you use any form of Linux or Unix machines in your network you are likely to have the vulnerability. We have released a new QID (150134) for WAS specifically for this purpose.

No Comments
Permalink
Tags: #bashbug, #shellshock, bash, bug, content, shell, shellshocker, shock, shocker, tagged, was, with

Qualys QID 13038: Remote Detection for BASH ShellShock

Posted by ses wang in Security Labs on September 25, 2014

Today Qualys is releasing QID 13038 in VULNSIG Release VULNSIGS-2.2.831-5 for remotely detecting ShellShock. For details on BASH ShellShock, refer to Wolfgang’s blog BASH Shellshock vulnerability – Update2. As you may know there could be multiple exploit vectors and the most popular remote vector is via the use of a cgi script using HTTP headers. QID 13038 is based on a similar technique. If you need a complete inventory of your machines that need patching we recommend that you use the authenticated QID 122693 and QID 122698.

BASH Shellshock vulnerability – Update5

Posted by wkandek in The Laws of Vulnerabilities on September 24, 2014

Update5: We have added a new profile in Qualys VM that uses the advanced crawling capabilities of Qualys WAS to detect Shellshock in CGI programs. WIth this profile you get better coverage than with the current QID 13038. There is a good explanation of how to setup the profile at our blog post: Custom Option Profile To Detect Bash Shellshock

Check it out. I am looking forward to your feedback.

Update4: Our web application scanner (WAS) has been updated with a Shellshock detection. Look for QID 150134 in your WAS scans. Differently from our VM detections, WAS has an advanced crawler with JavaScript capabilities which allows you to cover the entire website and probe for CGI scripts susceptible to Shellshock on a much wider range.

Update3: The last couple of days have been filled with new information on Shellshock. Today for example we had news on a first botnet that is using Shellshock, illustrating the speed We are working on adding checks into other relevant areas, such as our Web Application Scanner. Stand by for more news on that. In the meantime we have collected a number of community posts on how to use QualysGuard to detect and report on Shellshock. Here is a quick run-down for your reference:

22 Comments
Permalink
Tags: apache, bash, cgi, product news, shell