CVE-2014-6271
a vulnerability was found in gnu bash and classified as very critical. This issue affects some unknown functionality of the file variables.c of the component Environment Variable Handler. The manipulation of the argument Environment with an unknown input leads to a os command injection vulnerability (Shellshock). Using CWE to declare the problem leads to CWE-78. The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability.
Exploit
While exploiting the ShellShock vulnerability largely depends on how the target application is configured, this Python script that I found online specifically aims the target web application