W waiheke5 New Member Dec 10, 2021 #1 Hi, does anyone know if we have to do anything to ensure apache is updated re. the recent Log4Shell exploit?
Hi, does anyone know if we have to do anything to ensure apache is updated re. the recent Log4Shell exploit?
R Randy001 New Member Dec 11, 2021 #2 Good question, I have no idea. Maybe KnownHost support could respond??
W waiheke5 New Member Dec 11, 2021 #3 I found a post on the Cpanel site here https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ and also an update was posted to https://logging.apache.org/log4j/2.x/ (under 'News').
I found a post on the Cpanel site here https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ and also an update was posted to https://logging.apache.org/log4j/2.x/ (under 'News').
W waiheke5 New Member Dec 16, 2021 #4 Update: this only seems to affect those users whom have Solr installed via Cpanel. Also, since it was patched by Apache last week and included in Cpanel updates, another vulnerability was detected and patched (as of yesterday: Tues 14th Dec). https://support.cpanel.net/hc/en-us/articles/4415987808023-ApacheSolr-vulnerability-CVE-2021-45046-for-Log4j Example output on a patched server: # rpm -qv --changelog cpanel-dovecot-solr|grep "CVE-2021-45046" - Remove JndiLookup.class from log4j to mitigate CVE-2021-45046
Update: this only seems to affect those users whom have Solr installed via Cpanel. Also, since it was patched by Apache last week and included in Cpanel updates, another vulnerability was detected and patched (as of yesterday: Tues 14th Dec). https://support.cpanel.net/hc/en-us/articles/4415987808023-ApacheSolr-vulnerability-CVE-2021-45046-for-Log4j Example output on a patched server: # rpm -qv --changelog cpanel-dovecot-solr|grep "CVE-2021-45046" - Remove JndiLookup.class from log4j to mitigate CVE-2021-45046
