[hijinks]

I don't think so. From what I've been reading it can be exploited via http requests. I'm sure a metasploit script is right around the corner.

Edit: oh looks like only like mod_cgi related stuff is.. thats good then sort of

[vidarh]

It can potentially be exploited via anything that shells out to bash with an environment that contains environment variables with values (that ultimately comes from) an untrusted source.

mod_cgi is just one of the most obvious attack vectors.

[kevinr]

Any software where adversary-controlled input can set environment variables which then execs bash is affected. mod_cgi is just really easy to exploit.