{"id":1006,"date":"2021-12-16T02:53:54","date_gmt":"2021-12-16T02:53:54","guid":{"rendered":"https:\/\/www.hostpoco.com\/blog\/?p=1006"},"modified":"2021-12-16T02:53:57","modified_gmt":"2021-12-16T02:53:57","slug":"cpanel-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.hostpoco.com\/blog\/cpanel-log4j-vulnerability\/","title":{"rendered":"cPanel Plugin Contains Log4j Vulnerability – Update cPanel!"},"content":{"rendered":"\n

A cPanel plugin contains the critically vulnerable and widely discussed log4j library, which is affected by what is being called a catastrophic vulnerability. cPanel, one of the most popular web hosting server control panels, recently issued a patch to fix a critical flaw in the log4j Java library discovered in the part of the software used for email. The vulnerability itself is named Log4Shell.<\/p>\n\n\n\n

Log4j Critical Log4Shell Vulnerability<\/span><\/h2>\n\n\n\n

Log4j is a Java library that is included as a drop-in component in a variety of applications and software available online. It’s not something that end users would normally download and then use on its own.<\/p>\n\n\n\n

It’s a Java library that is integrated into the application. Because of this, end users often aren’t aware whether the application or software they are using contains the vulnerability.<\/p>\n\n\n\n

The log4j vulnerability is scored as a 10 on a scale of 1-10, with 10 being the highest degree of risk that could impact your application.<\/p>\n\n\n\n

cPanel Web Host Control Panel<\/a><\/h2>\n\n\n\n

cPanel is an administration panel that allows the owner of a website to manage their web hosting environment. It provides a graphical user interface (GUI) that is similar to a desktop and lets you perform tasks such as updating the version of PHP that your websites use, controlling the firewall, and adding security certificates, among others.<\/p>\n\n\n\n

There are around three million customers using cPanel.<\/p>\n\n\n\n

cPanel Plugin Log4Shell Vulnerability<\/span><\/h2>\n\n\n\n

A vulnerability in the Log4j Java library has been found within a crucial cPanel plug-in known as the cPanel Dovecot Solr plugin.<\/p>\n\n\n\n

This plugin is an important element of IMAP mail handling.<\/p>\n\n\n\n

As per cPanel<\/span><\/h3>\n\n\n\n
\n

\u201cThe cPanel Solr plugin enables Internet Message Access Protocol (IMAP) Full-Text Search (FTS) Indexing (powered by Apache Solr\u2122), which provides fast search capabilities for IMAP mailboxes.\u201d<\/p><\/blockquote>\n<\/div>\n\n\n\n

A discussion on cPanel’s official forums was the first to point out that cPanel included the log4j library, which could pose a security risk.<\/p>\n\n\n\n

Within hours, a cPanel technical analyst had announced that a patch had been made available.<\/p>\n\n\n\n


\n
\n
\n
\n
\n

“We have released an update that includes mitigations for CVE-2021-44228 in the cpanel-dovecot-solr RPM.<\/p>

Obtaining the Mitigation for CVE-2021-44228<\/p>

You can perform a cPanel update that will update the cpanel-dovecot-solr RPM:
How do I update cPanel\/WHM?<\/a><\/p>

If you have previously removed cPanel Solr, it is possible to restore it using the steps given in this tutorial:
How to Install cPanel Solr?<\/a>”<\/p><\/blockquote>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n

More details can be found here:
https:\/\/forums.cpanel.net\/threads\/log4j-cve-2021-44228-does-it-affect-cpanel.696249\/<\/a><\/p>\n\n\n\n

Conclusion<\/span><\/h4>\n\n\n\n

If you’ve got an unrestricted or virtual server that has cPanel installed with the cPanel Solr plugin enabled, the server could be at risk.<\/p>\n\n\n\n

We strongly suggest that anyone with cPanel ensure that they are running the most recent version, which fixes this vulnerability.<\/p>\n\n\n\n

To do this, sign in to WHM and navigate to: the Home tab > the cPanel menu > Update to the Latest Version<\/strong><\/p>\n\n\n\n

If you require help with this, or aren’t sure whether your server is at risk, you can contact us.<\/p>\n\n\n\n

Be aware that if you’ve installed third-party programs on your server, especially ones that run server-side Java, this library could also be present. Please inquire with the software provider.<\/p>\n","protected":false},"excerpt":{"rendered":"

A cPanel plugin contains the critically vulnerable and widely discussed log4j library, which is affected by what is being called a catastrophic vulnerability. cPanel, one of the most popular web hosting server control panels, recently issued a patch to fix a critical flaw in the log4j Java library discovered in the part of the software used for …<\/p>\n

cPanel Plugin Contains Log4j Vulnerability – Update cPanel!<\/span> Read More »<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[426],"tags":[424,423,421,425,422],"_links":{"self":[{"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/posts\/1006"}],"collection":[{"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/comments?post=1006"}],"version-history":[{"count":6,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/posts\/1006\/revisions"}],"predecessor-version":[{"id":1013,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/posts\/1006\/revisions\/1013"}],"wp:attachment":[{"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/media?parent=1006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/categories?post=1006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostpoco.com\/blog\/wp-json\/wp\/v2\/tags?post=1006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}