Shellshock (CVE-2014-6271) is a vulnerability in the GNU Bash (Bourne Again Shell) that allows remote code execution via crafted environment variables. It was disclosed in 2014 and had a wide impact on systems that relied on Bash as a command-line shell interpreter.
Affected systems include:
Linux distributions (Red Hat, Debian, CentOS, Ubuntu, etc.)
Unix variants (e.g., FreeBSD, OpenBSD, etc.)
Apple macOS (formerly OS X), since it uses Bash as the default shell
Windows systems were not directly affected because they do not use Bash by default. Bash is not a native component of Windows operating systems, and Shellshock exploits Bash-specific behavior. Only Windows systems where Bash was manually installed through a third-party method or environment (e.g., Cygwin) might be susceptible — but by default, Windows systems are immune.
Incorrect options:
A. Linux — Affected
B. Unix — Affected
C. OS X — Affected
D. Windows — Not directly affected (Correct answer)
[Reference:, CEH v13 eCourseware – Module 06: System Hacking → "Common Vulnerabilities: Shellshock", CEH v13 Study Guide – Chapter: “Understanding Common Exploits and Vulnerabilities” → Section: “Shellshock Bash Vulnerability”, , Additional Reference (Public Disclosure):, NVD – CVE-2014-6271 (Shellshock) https://nvd.nist.gov/vuln/detail/CVE-2014-6271, , ===========================================, , , ]
Submit