Skip to main content
System StatusContact Support

Documentation related to the following products will soon be moved to a new portal: ( Agility, Agility Connect and Agility Integrations Continuum and ALM Connect
Links from the site will automatically redirect to the new site.
If you have any questions, please contact Support. Agility Community

Was VersionOne affected by the shellshock (bashbug) security vulnerability?

Still have questions?

Related Articles


US-CERT/NIST released security vulnerability CVE-2014-7169 9/24/2014. A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. “This issue is especially dangerous, as there are many possible ways Bash can be called by an application,” a Red Hat security advisory warned.


The VersionOne application itself does not run on Unix or Linux based servers, therefore the application is not impacted.  In our hosting environment, we utilize F5 load balancers. In response from our hosting provider, Rackspace, the F5s are only vulnerable to authenticated users and rogue DHCP servers.  The Rackspace-managed F5s are only accessible by Rackspace personnel, therefore an attack vector does not currently exist for unauthenticated users. Additionally, DHCP is not configured on the load balancers, so there is no risk of a compromise regarding the CVE-2014-7169 security vulnerability

Per our internal network, the only server affected was a monitoring server.  It was vulnerable and immediately updated with the linux bash package, which has since remedied the vulnerability.