A remotely exploitable vulnerability has been discovered in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. There are several functional mitigations for this vulnerability: upgrading to a new version of bash, replacing bash with an alternate shell, limiting access to vulnerable services, or filtering inputs. The race is on to patch before Metasploit has a working exploit.”]
Source: https://www.csoonline.com/article/2687265/remote-exploit-in-bash-cve-2014-6271.html