Log4Shell Log4J exploit in Cpanel?

waiheke5

New Member
Hi,
does anyone know if we have to do anything to ensure apache is updated re. the recent Log4Shell exploit?
 

waiheke5

New Member
Update: this only seems to affect those users whom have Solr installed via Cpanel.

Also, since it was patched by Apache last week and included in Cpanel updates, another vulnerability was detected and patched (as of yesterday: Tues 14th Dec).


Example output on a patched server:

# rpm -qv --changelog cpanel-dovecot-solr|grep "CVE-2021-45046"
- Remove JndiLookup.class from log4j to mitigate CVE-2021-45046
 
Top