What is the most common method to exploit the “Bash Bug” or “ShellShock” vulnerability?

A.
Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable
to a vulnerable Web server

B.
Manipulate format strings in text fields

C.
SSH

D.
SYN Flood

Explanation:
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell.
One specific exploitation vector of the Shellshock bug is CGI-based web servers.
Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passesvarious details of the request to a handler program in the environment variable list. For example, the variable
HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the
request handler is a Bash script, or if it executes one for example using the system call, Bash will receive the
environment variables passed by the server and will process them. This provides a means for an attacker to
trigger the Shellshock vulnerability with a specially crafted server request.
https://en.wikipedia.org/wiki/Shellshock_(software_bug)#Specific_exploitation_vectors