SOURCE: Qualys

Qualys

September 29, 2014 13:30 ET

Qualys Releases Detection for Bash Shellshock Vulnerability

Critical Vulnerability Detected via Qualys Vulnerability Management Cloud Offering and Qualys FreeScan Service

REDWOOD CITY, CA--(Marketwired - Sep 29, 2014) - Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that its Qualys Vulnerability Management (VM) cloud service detects the GNU Bash Shellshock (CVE-2014-6271) vulnerability.

Qualys customers can detect the Bash bug by scanning with the Qualys Vulnerability Management (VM) cloud service as QID 122693 and 13038. This means that Qualys customers can get reports detailing their enterprise-wide exposure whenever they next scan their assets, which allows them to get visibility into the impact in their organization and efficiently track the remediation speed of the issue.

Additionally, a vulnerability check for Shellshock is included in Qualys Freescan, which allows any organization to verify the security status of an Internet facing server.

"Bash allows attackers to specify arbitrary commands to execute by formatting an environment variable in a specific way. Given that the flaw has been around for more than10 years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year," said Wolfgang Kandek, Chief Technical Officer for Qualys, Inc.

For more information on Bash Shellshock, follow the conversation on our Laws of Vulnerabilities blog.

Additional Resources

About Qualys, Inc.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100.The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and Council on CyberSecurity. For more information, please visit www.qualys.com

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Contact Information

  • MEDIA CONTACTS:
    Melissa Liton
    Qualys, Inc.
    (650) 801-6242
    Email Contact

    Michelle Kincaid
    LEWIS PR on behalf of Qualys
    (415) 432-2467
    Email Contact