{"vulnerability": "CVE-2014-6277", "sightings": [{"uuid": "8c5d5b1c-fd10-46db-aa4b-c9aaabc2260d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34839", "content": "", "creation_timestamp": "2014-10-01T00:00:00.000000Z"}, {"uuid": "d2c11eb3-40b0-4bd5-a73a-6f9bb8b65e41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-6277", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/36933", "content": "", "creation_timestamp": "2014-09-29T00:00:00.000000Z"}, {"uuid": "16244dd2-1e15-425b-9502-3b076c3f4344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34862", "content": "", "creation_timestamp": "2014-10-02T00:00:00.000000Z"}, {"uuid": "f5037dab-6bb3-4985-882f-f117db9b7dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34777", "content": "", "creation_timestamp": "2014-09-25T00:00:00.000000Z"}, {"uuid": "fa4bf927-8862-45ac-a6ed-6b7f585a8e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/35115", "content": "", "creation_timestamp": "2014-10-29T00:00:00.000000Z"}, {"uuid": "11505126-b7dd-4e0c-8c9c-41b7f7454eb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-6277", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/35081", "content": "", "creation_timestamp": "2014-10-27T00:00:00.000000Z"}, {"uuid": "e388b71f-d385-4662-9dad-6f80c7363938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34895", "content": "", "creation_timestamp": "2014-10-06T00:00:00.000000Z"}, {"uuid": "e06f6812-416e-44dd-9592-9406c27dbaed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34896", "content": "", "creation_timestamp": "2014-10-06T00:00:00.000000Z"}, {"uuid": "58e6433e-3563-4702-99bf-04f87b9f0fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34765", "content": "", "creation_timestamp": "2014-09-25T00:00:00.000000Z"}, {"uuid": "dd725d8a-9fcd-4b7a-8c11-f7af8ffa74e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "db99543d-496c-4eef-ad0a-2df2093364df", "vulnerability": "CVE-2014-62771", "type": "confirmed", "source": "https://www.exploit-db.com/exploits/34766", "content": "", "creation_timestamp": "2014-09-25T00:00:00.000000Z"}, {"uuid": "7a6f2d46-4ca3-4ad6-87de-4120eb6655a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2014-6277", "type": "seen", "source": "https://t.me/arpsyndicate/1926", "content": "#ExploitObserverAlert\n\nCVE-2014-6278\n\nDESCRIPTION: Exploit Observer has 142 entries related to CVE-2014-6278. GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.\n\nFIRST-EPSS: 0.973450000\nNVD-IS: 10.0\nNVD-ES: 10.0", "creation_timestamp": "2023-12-18T06:11:35.000000Z"}, {"uuid": "345e9718-48ec-4846-a148-a79b0e888e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2014-6277", "type": "seen", "source": "https://t.me/arpsyndicate/1911", "content": "#ExploitObserverAlert\n\nCVE-2014-6277\n\nDESCRIPTION: Exploit Observer has 127 entries related to CVE-2014-6277. GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.\n\nFIRST-EPSS: 0.973120000\nNVD-IS: 10.0\nNVD-ES: 10.0", "creation_timestamp": "2023-12-18T04:29:01.000000Z"}]}