8 Replies Latest reply on Sep 26, 2014 8:39 PM by trillium

    CVE-2014-6271 - Custom Attack Rule for NSP

    Erik

      DearBytes SOC has generated a NSP custom attack rule based on the SNORT rule created by Volexity. (credits: CVE-2014-6271 – Remotely Exploitable Vulnerability in Bash | Volexity Blog)

       

      This can be imported in NSP to detect and block attacks on CVE-2014-6172. The rule is set to HIGH severity. Depending on your own config (whether IPS high severity is in blocking mode), this may directly lead to traffic being blocked, please bare this in mind.