Certified Ethical Hacker (CEH v11) — Question 396

What is the most common method to exploit the `Bash Bug` or `Shellshock` vulnerability?

Answer options

• A. SYN Flood
• B. SSH
• C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
• D. Manipulate format strings in text fields

Correct answer: C

Explanation

The correct answer is C because the Shellshock vulnerability is specifically exploited by sending crafted environment variables through CGI scripts. The other options, while they represent different attack vectors, do not pertain to the Shellshock vulnerability and therefore are not applicable.