{"id":8412,"date":"2021-12-29T10:39:00","date_gmt":"2021-12-29T10:39:00","guid":{"rendered":"https:\/\/www.temok.com\/blog\/?p=8412"},"modified":"2024-07-12T14:45:55","modified_gmt":"2024-07-12T10:45:55","slug":"cpanel-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.temok.com\/blog\/cpanel-log4j-vulnerability\/","title":{"rendered":"cPanel Plugin Contains Log4j Vulnerability"},"content":{"rendered":"<p>Recently, cPanel, one of the most popular control panels, released a patch to correct a flaw in the log4j Java library. The Log4j vulnerability is known as Log4Shell and has been described as catastrophic by researchers.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Does_Log4j_CVE-2021-44228_Affect_cPanel\"><\/span><strong>Does Log4j (CVE-2021-44228) Affect cPanel?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Yes, you must uninstall the cPanel Solr plugin because it is vulnerable. However, an update to the cpanel-dovecot-solr RPM, version 8.8.2-4+, has been announced to mitigate CVE-2021-44228.<\/p>\r\n\r\n\r\n\r\n<p>\u201cWe strongly advise all WordPress site customers running WordPress sites with IMAP messaging protocol to confirm they are running the latest version which patches this vulnerability.\u201d<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Log4j_Critical_Log4Shell_Vulnerability\"><\/span><strong>Log4j Critical Log4Shell Vulnerability<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>Log4j is a Java library used for email and found in the basic cPanel plugin called cPanel Dovecot Solr plugin. It adds drop-in functionality to many online software products. Keep in mind that it is not something that anyone would generally download and use. 
This plugin is a must-have component of the IMAP messaging protocol.<\/p>\r\n\r\n\r\n\r\n<p>The log4j vulnerability is rated at the most dangerous level: 10 on a scale of 1 to 10, where 1 is the minimum level and 10 is the maximum.<\/p>\r\n\r\n\r\n\r\n<blockquote class=\"wp-block-quote is-style-large\">\r\n<p>\u201cThe cPanel Solr plugin enables Internet Message Access Protocol (IMAP) full-text search (FTS) indexing (powered by Apache Solr \u2122), which provides fast search capabilities for IMAP mailboxes.\u201d<\/p>\r\n<\/blockquote>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"cPanel_Web_Host_Control_Panel\"><\/span><strong>cPanel Web Host Control Panel<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p><a href=\"http:\/\/cpanel.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">cPanel<\/a>\u00a0is the most widely used and easy-to-use <a title=\"https:\/\/www.temok.com\/linux-shared-hosting-usa\" href=\"https:\/\/www.temok.com\/linux-shared-hosting-usa\" target=\"_blank\" rel=\"noreferrer noopener\">web hosting<\/a> control panel that allows business owners or developers to easily manage their website hosting environment.<\/p>\r\n\r\n\r\n\r\n<p>It offers a graphical user interface (GUI), much as Windows does over DOS, and it is also similar to a desktop interface. 
If you are a non-technical person, you can also perform tasks like PHP version updates, checking firewalls, and adding SSL certificates, among others.<\/p>\r\n\r\n\r\n\r\n<p>According to research conducted by\u00a0<a href=\"https:\/\/trends.builtwith.com\/cms\/CPanel\" target=\"_blank\" rel=\"noreferrer noopener\">BuiltWith<\/a>, more than 3 million users have installed cPanel to manage their hosting.<\/p>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"United_States_Government_Statement_on_Log4Shell_Vulnerability\"><\/span><strong>United States Government Statement on Log4Shell Vulnerability<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>The US Government Cybersecurity and Infrastructure Security Agency (CISA) published a statement on November 11, 2021, urging software developers and vendors to patch\/update the log4j library in their products, and urging vendors to inform their customers.<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Director_of_CISA_Jen_Easterly_wrote\"><\/span><strong>The Director of CISA, Jen Easterly, wrote:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<blockquote class=\"wp-block-quote is-style-large is-layout-flow wp-block-quote-is-layout-flow\">\r\n<p><em>\u201cCISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library.\u201d<\/em><\/p>\r\n<\/blockquote>\r\n\r\n\r\n\r\n<p><em>Usually, end users rely on their software vendors, and the vendors must update their community and take possible steps such as identifying, mitigating, and patching their products.<\/em><\/p>\r\n\r\n\r\n\r\n<p>The statement says that the Joint Cyber Defense Collaborative, the National Security Agency, and the FBI are also coordinating to raise awareness of the vulnerability and to advance its mitigation proactively.<\/p>\r\n\r\n\r\n\r\n<p>This statement includes:<\/p>\r\n\r\n\r\n\r\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\r\n<p><em>\u201cWe continue to urge all organizations to review the latest CISA current activity alert and upgrade to log4j version 2.15.0 or apply their appropriate vendor recommended mitigations immediately.<\/em><\/p>\r\n<p><em>To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between the government and the private sector. We urge all organizations to join us in this essential effort and take action.\u201d<\/em><\/p>\r\n<\/blockquote>\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Mitigation_Process_for_CVE-2021-44228\"><\/span><strong>Mitigation Process for CVE-2021-44228<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\r\n\r\n\r\n\r\n<p>It was officially announced on the cPanel discussion forum that cPanel contained the log4j library and that it can be a security risk. 
You can check whether this RPM is installed, and whether its changelog records the CVE-2021-44228 fix, by executing the following commands:<\/p>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"RPM-based_versions\"><\/span>RPM-based versions<span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\"># rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228<\/pre>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ubuntu-based_versions\"><\/span>Ubuntu-based versions<span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\"># zgrep -E CVE-2021-44228 \/usr\/share\/doc\/cpanel-dovecot-solr\/changelog.Debian.gz<\/pre>\r\n\r\n\r\n\r\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Example_%E2%80%93_if_installed\"><\/span>Example \u2013 if installed<span class=\"ez-toc-section-end\"><\/span><\/h3>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\"># rpm -q cpanel-dovecot-solr<\/pre>\r\n\r\n\r\n\r\n<pre class=\"wp-block-preformatted\">cpanel-dovecot-solr-8.8.2-4.11.1.cpanel.noarch <\/pre>\r\n\r\n\r\n\r\n<p>For more detailed information, visit our recent <a href=\"https:\/\/clients.temok.com\/index.php?rp=\/announcements\/38\/Log4j-Vulnerability---cPanel-and-log4j-vulnerability-CVE-2021-44228.html\" target=\"_blank\" rel=\"noopener\">announcement<\/a> about the Log4j vulnerability.<\/p>\r\n\r\n\r\n\r\n<p>Please try to patch it ASAP and share your valuable feedback with us; we would love to answer your questions in the comment section below.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\"><\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">min read<\/span><\/span>Recently, one of the most popular control panels named cPanel released a patch to correct a flaw in the log4j Java library. 
However, the Log4j vulnerability is known as Log4Shell and is also described as catastrophic by researchers. Does Log4j (CVE-2021-44228) Affect cPanel? Yes, you must uninstall the cPanel solr plugin because it is vulnerable. [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":8414,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"pmpro_default_level":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[50],"tags":[1314,1315,1317,1316,1313,1312],"class_list":["post-8412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cpanel-vulnerability","tag-how-to-avoid-log4j","tag-how-to-check-log4j","tag-how-to-patch-log4j","tag-log4j-cpanel","tag-log4j-vulnerability","pmpro-has-access"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/blog.temok.com\/wp-content\/uploads\/2021\/12\/blog-000.jpg?fit=750%2C500&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/8412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/comments?post=8412"}],"version-history":[{"count":5,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/8412\/revisions"}],"predecessor-version":[{"id":14902,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/posts\/8412\/revisions\/14902"}],"wp:featuredmedia":[{"embedd
able":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/media\/8414"}],"wp:attachment":[{"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/media?parent=8412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/categories?post=8412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.temok.com\/blog\/wp-json\/wp\/v2\/tags?post=8412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}