Security Hub

Bring your software development workflows to security

icon-shellshock

Shellshock

Signals & Triggers

On shell command
If command tries to run command using ShellShock

Actions

  • prevent code execution Prevent code execution
  • block incoming http request Block incoming http request
  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook
  • Log request stack trace

Details

Shellshock (also known as Bashdoor) is a security vulnerability in the widely used UNIX Bash shell. Many Internet-facing services, such as web servers rely on Bash to process requests, allowing an attacker to execute arbitrary commands on vulnerable versions of Bash. A Shellshock allows an attacker to gain unauthorized access on a server.

Advanced details

When a shell command is executed by the application, Sqreen checks the environment variables. If one of them appears to be a code injection attack (e.g.: () { :;}; cat /etc/passwd), this plugin will trigger.

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

No data collected


On attack
  • Name and value of the malicious environment variable.
  • Stack trace

Build amazing products. Keep them safe.

Dive into Sqreen with our 14-day trial, and experience seamlessly security. Sign up Request demo