Update description

wvu · wvu · commit fc04bf9d4860 · 2014-09-24T16:22:58.000-05:00
This is what I had when @todb-r7 beat me to the punch. >:P
diff --git a/modules/auxiliary/admin/http/bash_env.rb b/modules/auxiliary/admin/http/bash_env.rb
@@ -13,13 +13,11 @@ def initialize(info = {})
     super(update_info(info,
       'Name' => 'Bash Specially-Crafted Environment Variables Code Injection Attack',
       'Description' => %q{
-        This module exploits a remote command injection vulnerability in bash,
-        a popular shell environment, over an HTTP CGI vector. By passing a specially-crafted
-        string that is set as an environment variable, attckers may execute arbitrary operating
-        system commands.
+        This module exploits a code injection in specially crafted environment
+        variables in Bash, specifically targeting Apache mod_cgi scripts through
+        the HTTP_USER_AGENT variable.
 
-        For this version of the exploit, the target must already have netcat (nc) compiled with the
-        -e option.
+        Netcat with the -e (GAPING_SECURITY_HOLE) option is required.
       },
       'Author' => ['wvu'],
       'References' => [
