CVE-2014-6278

KEV EPSS 91.40% · P100 Updated Jan 03, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-6278

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

GNU Bash 操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GNU Bash是美国软件开发者布莱恩-福克斯（Brian J. Fox）为GNU计划而编写的一个Shell（命令语言解释器），它运行于类Unix操作系统中（Linux系统的默认Shell），并能够从标准输入设备或文件中读取、执行命令，同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3及之前版本中存在安全漏洞，该漏洞源于程序没有正确解析环境变量中的函数定义。远程攻击者可借助特制的环境变量利用该漏洞执行任意命令。以下产品可能受到影响：OpenSSH sshd中的ForceCommand功能，

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-6278

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-6278

请登录查看更多情报信息。

http://www.vmware.com/security/advisories/VMSA-2014-0010.htmlx_refsource_CONFIRM
http://www.qnap.com/i/en/support/con_show.php?cid=61x_refsource_CONFIRM
http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.htmlx_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21685604x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686479x_refsource_CONFIRM
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315x_refsource_CONFIRM
http://support.novell.com/security/cve/CVE-2014-6278.htmlx_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686445x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686246x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279x_refsource_CONFIRM
https://www.arista.com/en/support/advisories-notices/security-advisories/1008-security-advisory-0006x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21685541x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685914x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21687079x_refsource_CONFIRM
https://security-tracker.debian.org/tracker/CVE-2014-6278x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7015721x_refsource_CONFIRM
http://packetstormsecurity.com/files/137344/Sun-Secure-Global-Desktop-Oracle-Global-Desktop-Shellshock.htmlx_refsource_MISC
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.htmlx_refsource_CONFIRM
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648x_refsource_CONFIRM
https://kb.bluecoat.com/index?page=content&id=SA82x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685749x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10085x_refsource_CONFIRM
https://support.citrix.com/article/CTX200217x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272x_refsource_CONFIRM
Multiple GNU Bash vulnerabilitiesx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686494x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1147414x_refsource_CONFIRM
Security Bulletin: Vulnerabilities in Bash affect IBM SDN VE (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21685733x_refsource_CONFIRM
https://www.suse.com/support/shellshock/x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21686131x_refsource_CONFIRM
https://support.citrix.com/article/CTX200223x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879x_refsource_CONFIRM
http://secunia.com/advisories/61291third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61471third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61703third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61552third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61857third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/58200third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61312third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59907third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61283third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61313third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60034third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61550third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60044third-party-advisoryx_refsource_SECUNIA
https://www.exploit-db.com/exploits/39887/exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/60024third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60055third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/62343third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61485third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61641third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61654third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61129third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60325third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60193third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61643third-party-advisoryx_refsource_SECUNIA
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) - Hardware remote Exploitexploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/61287third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/60433third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61633third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61816third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61780third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61065third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61503third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61328third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61442third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/62312third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59961third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61565third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/61603third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-2380-1vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=142721162228379&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383026420882&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141585637922673&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383465822787&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142358026505815&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383353622268&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=142358078406056&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577241923505&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383081521087&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383196021590&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141879528318582&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141345648114150&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141450491804793&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383304022067&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141576728022234&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141383244821813&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141330468527613&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577137423233&w=2vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=141577297623641&w=2vendor-advisoryx_refsource_HP
http://jvn.jp/en/jp/JVN55667175/index.htmlthird-party-advisoryx_refsource_JVN
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164vendor-advisoryx_refsource_MANDRIVA
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126third-party-advisoryx_refsource_JVNDB
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.htmlvendor-advisoryx_refsource_SUSE
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashvendor-advisoryx_refsource_CISCO
https://nvd.nist.gov/vuln/detail/CVE-2014-6278

Same Patch Batch · n/a · 2014-09-30 · 83 CVEs total

CVE-2012-6316		TP-LINK TL-WR841N路由器跨站脚本漏洞
CVE-2014-4728		TP-LINK N750 Wireless Dual Band Gigabit Router 资源管理错误漏洞
CVE-2012-5505		Plone 信息泄露漏洞
CVE-2012-5506		Plone 资源管理错误漏洞
CVE-2012-5504		Plone 跨站脚本漏洞
CVE-2012-5501		Plone 权限许可和访问控制漏洞
CVE-2012-5499		Plone 资源管理错误漏洞
CVE-2012-5498		Plone 权限许可和访问控制问题漏洞
CVE-2012-5497		Plone 信息泄露漏洞
CVE-2012-5502		Plone 跨站脚本漏洞
CVE-2012-5507		Zope 竞争条件漏洞
CVE-2014-0170		Red Hat Teiid和Red Hat JBoss Data Virtualization 安全漏洞
CVE-2014-3558		Red Hat Hibernate Validator 权限许可和访问控制漏洞
CVE-2014-5267		Drupal 权限许可和访问控制漏洞
CVE-2014-5444		Geary 加密问题漏洞
CVE-2014-6269		HAProxy 整数溢出漏洞
CVE-2014-6273		APT 缓冲区错误漏洞
CVE-2014-7199		MediaWiki 跨站脚本漏洞
CVE-2014-4330		Perl Data::Dumper 缓冲区溢出漏洞
CVE-2014-4727		TP-LINK N750 Wireless Dual Band Gigabit Router 跨站脚本漏洞

Showing top 20 of 83 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-6278

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-6278

I. Basic Information for CVE-2014-6278

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2014-6278

III. Intelligence Information for CVE-2014-6278

Same Patch Batch · n/a · 2014-09-30 · 83 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-6278

Leave a comment