So, generally speaking, no, Apache Tomcat running under windows is not vulnerable. To be sure, however, you have to verify that bash hasn't been installed and used as the interpreter for CGI programs (which is sometimes done by third parties to deploy Unix software on Windows).
However, what happens when analysts receive more alerts than they can reasonably correlate to an event? Or when an attacker uses a custom, coordinated, hand-made tool to craft malicious packets against an IPS sensor? Often they become overwhelmed and may miss important attack details.
More good news: Apple says the "vast majority" of OS X devices should be safe from Shellshock unless you have manually configured advanced UNIX services. If you're not sure what that means, your computer is probably fine. Still, Apple is promising to quickly release a security patch to addresses the issue for all Mac users; everyone should install it when it becomes available.
Wazuh is capable of detecting a Shellshock attack by analyzing web server logs collected from a monitored endpoint. In this use case, you set up an Apache web server on the Ubuntu endpoint and simulate a shellshock attack.
In the early hours of the Shellshock vulnerability in Bash, the joke in the tech community was that Windows Administrators could sit back and watch the Linux/UNIX admins scramble about for once (more on this later). But what exactly is the issue, and how does it affect your website? 2b1af7f3a8