A recent security issue for Apache has been discovered in a core component of the Linux platform, Bash. The Bash platform has been discovered to potentially allow malicious users the ability to remotely execute arbitrary commands on certain systems.
Dubbed ‘Shellshock’, the bug affects the ‘Bash’ command line shell, as well as any third party applications that depend on it (including the popular Apache web server). Within a day of the hole being discovered, the exploit has been used to distribute worms and other malware and has been highlighted as a major security issue for Apache users.
If you are a user of Apache, you may want to consider switching to an alternative, such as nginx before any would be hackers manage to take advantage of this vulnerability and security issue for Apache.
Affected platforms include Linux, Mac OS X and a number of “embedded” devices that run a derivative of the free operating system. Whilst vendors are in the process of releasing patches to close the security hole, BSD-based systems and Windows are not affected.