Those were pretty well publicized CVEs when they were patched.
On the assumption that this data breach was caused by those CVEs (which I think were even publicized by the US CISO / NSA, how does the average website-hosting company find out about CVEs that apply to their stack in a timely manner? (note: I'm playing as devil's advocate, but would seriously like to hear realistic answers)
butner|5 years ago
https://blog.f-secure.com/new-vulnerabilities-make-exposed-s...
thephyber|5 years ago
On the assumption that this data breach was caused by those CVEs (which I think were even publicized by the US CISO / NSA, how does the average website-hosting company find out about CVEs that apply to their stack in a timely manner? (note: I'm playing as devil's advocate, but would seriously like to hear realistic answers)