Archive for October, 2014

Acunetix Web Vulnerability Scanner v9.5.x

Officially known as CVE-2014-6271, this vulnerability, cordially termed ShellShock, has been assigned the highest CVSS score of 10, a score that the notorious HeartBleed did not achieve. The high score is more than warranted. The vulnerability is very easy to exploit allowing pretty much every script kiddie to take control of a vulnerable server and execute arbitrary code.

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. The first disclosed on the vulnerability on 24 September 2014. Many Internet daemons and services, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bah to execute arbitrary commands such as to gain unauthorised access to a computer system.

Acunetix has already been updated to identify web servers vulnerable to ShellShock. The next time you start Acunetix WVS latest version, you will be prompted to install an update, which includes detection of ShellShock.

For interest to know more about how it impact on business infrastructure, and how the E-SPIN carry solutions can help to resolve the case, please feel free to contact E-SPIN officers across the region.

Read Full Post »