Loading...

Knowledge Center


How to run a single vulnerability scan for the Shellshock vulnerability (CVE-2014-6271)
Technical Articles ID:   KB83002
Last Modified:  1/6/2016
Rated:


Environment

McAfee Vulnerability Manager 7.5, 7.0

Summary

This article provides instructions on how to create a single vulnerability scan to identify the Shellshock vulnerability (CVE-2014-6271) in an environment.

Solution

Use the following steps to create a single vulnerability scan to identify the Shellshock vulnerability in an environment:
  1. Ensure that you are running the latest Vulnerability Manager FASL content. For details, see KB83004.
  2. In the Vulnerability Manager GUI, click Scans, New Scan to create a new scan. The scan editor opens.
  3. Select the Use a McAfee Vulnerability Manager Template radio button. The templates display.
  4. Scroll through the list of templates to locate the Single Vulnerability Scan option, select it, and then click Next.
     
     
  5. Define your scan targets. You can specify IP addresses, ranges, hostnames, or DNS names in the Host Name, IP, or URL field. Click the + symbol to include them in the scan configuration, and then click Next.
     
     
  6. Edit the vulnerability check configuration as follows:
    1. On the top pane, select the Do not use a Vuln set radio button.
    2. Select the General and Shell modules.
    3. On the lower right, from the Search By drop-down menu, select CVE Number, type CVE-2014-6271 in the text field, and click Search.
    4. After the search completes, expand the categories you are interested in and make your selections for vulnerability checks.
     
     
  7. Finish the scan configuration, select the appropriate scan engine, and select the schedule you would like to use for the scan.
     
    NOTE: The vulnerability check GNU Bash Environment Variable Injection Code Execution in the Web Server category does not require credentials. If you are using any of the other vendor specific patch checks or the GNU Bash Environment Variable Injection Code Execution check in the SSH Miscellaneous category, you will need to provide credentials to the scan configuration using the Credentials menu option on the left.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.