cPanel Plugin Contains Log4j Vulnerability

1. cPanel Plugin Contains Log4j Vulnerability 3 min read 0 0 0 0         cPanel Plugin Contains Log4j Vulnerability Recently, one of the most popular control panels named cPanel released a patch to correct a flaw in the log4j Java library. However, the vulnerability is known as Log4Shell and is also described as a catastrophic vulnerability by researchers. Does Log4j (CVE-2021-44228) affect cPanel? Yes, you have to uninstall the cPanel solr plugin because it is vulnerable. However, an update in version 8.8.2-4+ has been announced to mitigate CVE- 2021-44228 to the Cpanel-devecot-solr RPM. “We strongly advise all WordPress site customers running WordPress sites with IMAP messaging protocol to confirm they are running the latest version which patches this vulnerability.” Log4j Critical Log4Shell Vulnerability Privacy - Terms Chat with us ?

2. Log4j is a Java library that is used for email and found in the basic cPanel plugin called cPanel Dovecot Solr plugin. It adds a drop-in functionality to many online software products. Keep in mind that it is not something that anyone would generally download and use. This plugin is a must-have component of the IMAP messaging protocol. The log4j vulnerability is the most dangerous one, which is rated at 10 on a scale of 1 to 10, where 1 is the minimum level, and 10 is the maximum. cPanel describes it as:  “The cPanel Solr plugin enables Internet Message Access Protocol (IMAP) full-text search (FTS) indexing (powered by Apache Solr ™), which provides fast search capabilities for IMAP mailboxes.” cPanel Web Host Control Panel cPanel is the most widely used and easy-to-use web hosting control panel that allows business owner or developers to easily manage their website hosting environment.

3. cPanel offers a graphical user interface (GUI) like windows over dos OS, and it is also similar to a desktop interface. If you are a non-tech person, you can also perform tasks like PHP version update, checking firewalls, and adding SSL certificates, among others. According to research conducted by BuiltWith, more than 3 million users have installed cPanel to manage their hosting. United States Government Statement on Log4Shell Vulnerability The US Government Cybersecurity and Infrastructure Security Agency (CISA) published a statement on November 11, 2021, urging software developers and vendors that patch/update the log4j library in their products and for the vendors to inform their customers. The Director of CISA, Jen Easterly, wrote:  “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library.” Usually, end users totally rely on their software vendors, and it is compulsory for the vendors to update their community and take possible steps such as identifying, mitigating, and patching their products.

4. The statement says that the Joint Cyber Defense Collaborative, National Security Agency, and the FBI are also coordinatively working towards creating awareness and its mitigation process proactively. This statement includes:  “We continue to urge all organizations to review the latest CISA current activity alert and upgrade to log4j version 2.15.0 or apply their appropriate vendor recommended mitigations immediately. To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between the government and the private sector. We urge all organizations to join us in this essential effort and take action.” Mitigation Process for CVE-2021-44228 It was officially announced on the cPanel discussion forum that cPanel contained the log4j library, and it can be a security risk. However, you can check if this RPM is installed by executing the following command: RPM-based versions 1 # rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228 Ubuntu-based versions 1 # zgrep -E CVE-2021-44228 /usr/share/doc/cpanel-dovecot-solr/changelog.Debian.gz Example – if installed: 1 # rpm -q cpanel-dovecot-solr 1 cpanel-dovecot-solr-8.8.2-4.11.1.cpanel.noarch For more detailed information: Visit our recent announcement about Log4j Vulnerability for more details.

5. Please try to patch it ASAP and share your valuable feedback with us, and we would love to answer your questions in the comment section below. 0 0 0 0         +1 Show Comments   Want to Start Hosting on the Cloud or Looking for the Managed Dedicated Servers ? You are on the right Place ..... Get started Services

6. •• Managed Dedicated Servers •• Managed DigitalOcean Cloud •• Managed Magento Cloud •• Managed Amazon Cloud (AWS) •• Managed PHP Cloud •• Managed Laravel Cloud •• Managed Drupal Cloud •• Managed Joomla Cloud •• Managed Prestashop Cloud •• Managed WooCommerce Cloud •• Managed WordPress Cloud •• Linux Shared Hosting •• Windows Shared Hosting •• Linux Reseller Hosting •• Linux SEO Hosting •• Domains •• Linux Virtual Private Server (VPS) •• Windows Virtual Private Server (VPS) •• SEO RDP/VPS •• Proxies •• VPN •• SSL

7. Company •• About Us •• Contact Us •• Privacy Policy •• Terms & Conditions •• Service Level Agreement •• DMCA •• Acceptable Use Policy •• Blog •• Affiliates Newsletter Sign up for special offers: Subscribe Copyright TEMOK 2021. All Rights Reserved.