Critical Vulnerability Detected via Qualys Vulnerability Management Cloud offering and Qualys FreeScan Service
REDWOOD CITY, Calif. –– Sept. 29, 2014 –– Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that its Qualys Vulnerability Management (VM) cloud service detects the GNU Bash Shellshock (CVE-2014-6271) vulnerability.
Qualys customers can detect the Bash bug by scanning with the Qualys Vulnerability Management (VM) cloud service as QID 122693 and 13038. This means that Qualys customers can get reports detailing their enterprise-wide exposure whenever they next scan their assets, which allows them to get visibility into the impact in their organization and efficiently track the remediation speed of the issue.
Additionally, a vulnerability check for Shellshock is included in Qualys Freescan, which allows any organization to verify the security status of an Internet facing server.
“Bash allows attackers to specify arbitrary commands to execute by formatting an environment variable in a specific way. Given that the flaw has been around for more than 10 years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year,” said Wolfgang Kandek, Chief Technical Officer for Qualys, Inc.
For more information on Bash Shellshock, follow the conversation on our Laws of Vulnerabilities blog.
About Qualys, Inc.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and Council on CyberSecurity. For more information, please visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
LEWIS PR on behalf of Qualys