Shellshock Vulnerable Assets

Document created by gavin Employee on Sep 30, 2014
Version 1Show Document
  • View in full screen mode

With the new Shellshock vulnerability coverage in Nexpose two new report templates have been developed so you can easily report on the assets that are affected and assess your surface area of exposure to the issue.


Affected Systems Only

The affected systems only template shows the assets that have been confirmed as being vulnerable to the Shellshock vulnerability after a recent scan. For each asset, all affected CVE-IDs will be displayed.


Here's an example of the report template:



Affected and Potential Systems

The report has two main sections. The first section shows all assets known to be vulnerable to the Shellshock vulnerability (same as the template above). The second section shows any assets running Bash (not necessarily just the vulnerable Bash versions). These assets are of interest as they may be potentially vulnerable. So if you are looking to narrow down your vulnerability scans, these assets are a good place to start. The assets are grouped by the version of Bash that has been detected.


Here's an example of the report template:



Download either of the attached files and upload into your Nexpose system to start analyzing your assets. To upload the report templates, navigate to the Reports page and then Manage Report Templates. Create a new template and set the file type as Upload.