A security bulletin has been shared regarding a 0-day vulnerability for Apache java logging library ‘log4j’ version 2+. What was shared was a discovery that manipulation of a specific string within this library could be fatally exploited through remote code execution (RCE).
This vulnerability is considered critical, achieving 10/10 on the CVSS (Common Vulnerability Scoring System) scale. Due to the widespread use of this library, it has been found to affect various applications and Apache projects.
Affected applications and Apache projects are:
- Minecraft Servers.
- Elasticsearch versions (6.8.9+, 7.8+) are not affected due to the use of the Java Security Manager by the ES Team.
- Neo4J.
- Apache Druid.
- Apache Solr.
- Apache Wicket.
- Java-based applications are built with the log4j library.
What to do if your server found a Log4j vulnerability?
Although this exploit has been derided as an Apache exploit, it is not specifically the Apache web server that is affected but Apache’s Java logging library log4j and the various applications and software installations that use it. This distinction is important to understand because the log4j library is used in custom solutions and is generally not available in most server deployments that host web pages.
For example, if you don’t develop Java with the log4j libraries, run a Minecraft server, special niche Apache projects, or any specific application built in Java that includes that library, you likely won’t be affected.
That being said most managed host servers will not be affected. (ie, running Java doesn’t make you vulnerable)
We’ll talk about two panels, cPanel and DirectAdmin, and examine the impact each has.
1. In the cPanel Server
They use Apache Solr and while it is disabled by default on most managed servers, there are some servers that run this service.
No worries, though – cPanel has patched this type of vulnerability in their Apache Solr build:
# rpm -q –changelog cpanel-dovecot-solr – grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <[email protected]> – 8.8.2-4.cp1180
– CPANEL-39455: Add mitigation for CVE-2021-44228
—
# rpm -q –changelog cpanel-dovecot-solr | grep -B1 CVE-2021-45046
* Tue Dec 14 2021 Stephen Bee <[email protected]> – 8.8.2-5.cp1180
– Remove JndiLookup.class from log4j to mitigate CVE-2021-45046
So as long as your server is receiving the latest cPanel updates, you should be fine.
It is worth noting that the above plugin is the only software provided by cPanel that contains log4j.
2. In The DirectAdmin Servers
No worries here! DirectAdmin does not use Logj4 in their panel or anywhere in the provided software installation.
Are you vulnerable to Log4j?
For those who are using web-based applications and need to protect themselves temporarily, it is recommended to get a website application firewall. If you want to know how to remove malware from your website then you can read this article.
