This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote SIP server uses scripts that allow remote command execution
The remote host appears to be running SIP. SIP itself is not
vulnerable to Shellshock; however, any Bash script that SIP runs for
filtering or other routing tasks could potentially be affected if the
script exports an environmental variable from the content or headers
of a SIP message.
A negative result from this plugin does not prove conclusively that
the remote system is not affected by Shellshock, only that any scripts
the SIP proxy may be running do not create the conditions that are
exploitable via the Shellshock flaw.
See also :
Apply the referenced Bash patch or remove the affected SIP scripts /
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true