CVE-2020-17527

Published: Dic 03, 2020 Last Modified: Nov 21, 2024
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,1107
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.38
cpe:2.3:a:apache:tomcat:9.0.38:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.36
cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version Range Affected
From 8.5.1 (inclusive)
To 8.5.59 (inclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Oncommand System Manager by Netapp

Product Information
Vendor Netapp
Product Oncommand System Manager
Version Range Affected
From 3.0.0 (inclusive)
To 3.1.3 (inclusive)
cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.35-3.57.3
cpe:2.3:a:apache:tomcat:9.0.35-3.57.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.37
cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Policy by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Policy
Version 1.14.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Mysql Enterprise Monitor by Oracle

Product Information
Vendor Oracle
Product Mysql Enterprise Monitor
Version Range Affected
To 8.0.23 (exclusive)
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workload Manager by Oracle

Product Information
Vendor Oracle
Product Workload Manager
Version 18c
cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Sd-Wan Edge by Oracle

Product Information
Vendor Oracle
Product Sd-Wan Edge
Version 9.0
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Instantis Enterprisetrack by Oracle

Product Information
Vendor Oracle
Product Instantis Enterprisetrack
Version 17.3
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Instantis Enterprisetrack by Oracle

Product Information
Vendor Oracle
Product Instantis Enterprisetrack
Version 17.1
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.35-3.39.1
cpe:2.3:a:apache:tomcat:9.0.35-3.39.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 10.0.0
cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Element Plug-In by Netapp

Product Information
Vendor Netapp
Product Element Plug-In
Version -
cpe:2.3:a:netapp:element_plug-in:-:*:*:*:*:vcenter_server:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Cloud Native Core Binding Support Function by Oracle

Product Information
Vendor Oracle
Product Communications Cloud Native Core Binding Support Function
Version 1.10.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Instantis Enterprisetrack by Oracle

Product Information
Vendor Oracle
Product Instantis Enterprisetrack
Version 17.2
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Instant Messaging Server by Oracle

Product Information
Vendor Oracle
Product Communications Instant Messaging Server
Version 10.0.1.5.0
cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workload Manager by Oracle

Product Information
Vendor Oracle
Product Workload Manager
Version 19c
cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Blockchain Platform by Oracle

Product Information
Vendor Oracle
Product Blockchain Platform
Version Range Affected
To 21.1.2 (exclusive)
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.39
cpe:2.3:a:apache:tomcat:9.0.39:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version 9.0.0
cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tomcat by Apache

Product Information
Vendor Apache
Product Tomcat
Version Range Affected
From 9.0.1 (inclusive)
To 9.0.35 (inclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.apache.org/thread.html/r26a2a66339087fc37db3c…
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce3…
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59d…
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1…
https://lists.apache.org/thread.html/r5a285242737ddef4d3382…
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e146…
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc…
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13f…
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5c…
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d339…
https://lists.apache.org/thread.html/ra35c8d617b17d59f40011…
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f9819…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab…
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301…
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178…
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a…
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240…
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276…
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c510…
https://lists.apache.org/thread.html/rca833c6d42b7b9ce15634…
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d8…
https://lists.apache.org/thread.html/rce5ac9a40173651d540ba…
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e…
https://lists.apache.org/thread.html/rce5ac9a40173651d540ba…
Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e…
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f…
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
Third Party Advisory
https://security.gentoo.org/glsa/202012-23
https://security.netapp.com/advisory/ntap-20201210-0003/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0003/
https://www.debian.org/security/2021/dsa-4835
Third Party Advisory
https://www.debian.org/security/2021/dsa-4835
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
http://www.openwall.com/lists/oss-security/2020/12/03/3
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/03/3
https://lists.apache.org/thread.html/r26a2a66339087fc37db3c…
https://lists.apache.org/thread.html/r26a2a66339087fc37db3caf201e446d3e83b5cce3…
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59d…
https://lists.apache.org/thread.html/r2d6e05c5ff96f8068a59dfdb3800e9ee8d4e36ce1…
https://lists.apache.org/thread.html/r5a285242737ddef4d3382…
https://lists.apache.org/thread.html/r5a285242737ddef4d338236328aaaf3237183e146…
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc…
https://lists.apache.org/thread.html/r8a227ac6a755a6406c1cc47dd48800e973d4cf13f…
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5c…
https://lists.apache.org/thread.html/r9fd47f1b03e9b41d16a5cf72659b533887267d339…
https://lists.apache.org/thread.html/ra35c8d617b17d59f40011…
https://lists.apache.org/thread.html/ra35c8d617b17d59f400112cebadec43ad379f9819…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90…
https://lists.apache.org/thread.html/ra9fcdb904dd2e2256ef90b3e4ced279cd464cb0ab…
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301…
https://lists.apache.org/thread.html/raa0e9ad388c1e6fd1e301b5e080f9439f64cb4178…
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a…
https://lists.apache.org/thread.html/rabbe6b3ae6a9795641d7a05c00d2378d5bbbe4240…
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276…
https://lists.apache.org/thread.html/rbba08c4dcef3603e36276d49adda8eedbe458c510…
https://lists.apache.org/thread.html/rca833c6d42b7b9ce15634…
https://lists.apache.org/thread.html/rca833c6d42b7b9ce1563488c0929f29fcc95947d8…
https://lists.apache.org/thread.html/rce5ac9a40173651d540ba…
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e…
https://lists.apache.org/thread.html/rce5ac9a40173651d540ba…
Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rce5ac9a40173651d540babce59f6f3825f12c6d4e…
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f…
https://lists.apache.org/thread.html/rd5babd13d7a350b369b2f647b4dd32ce678af42f9…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html
https://security.gentoo.org/glsa/202012-23
Third Party Advisory
https://security.gentoo.org/glsa/202012-23
https://security.netapp.com/advisory/ntap-20201210-0003/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201210-0003/
https://www.debian.org/security/2021/dsa-4835
Third Party Advisory
https://www.debian.org/security/2021/dsa-4835
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
http://www.openwall.com/lists/oss-security/2020/12/03/3
Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/12/03/3