http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
https://news.ycombinator.com/item?id=8361574 I've seen a few mentions of CGI being vulnerable to attacks from this issue. An example from the HN threads: GET / HTTP/1.0 User-Agent: () { :; }; rm -rf / Assuming a CGI bash script of course -- but maybe vulnerable in other langs if they exec a child process in bash w/ the environment setup by a CGI'd process, for example imagine a Perl CGI that executes a bash script to do part of its work. Thoughts? Is it reasonable to do something in mod_cgi{d} to improve the situation?