Log4j vulnerability and does it affect you?
A security bulletin was shared regarding a 0-day vulnerability in the Apache Java logging library ‘log4j’, version 2+. The bulletin described how this library could be severely exploited for Remote Code Execution (RCE) when it handles a specific string.
This vulnerability has been considered critical, obtaining a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. Due to the widespread usage of this library, it has been found to affect several different applications and Apache projects.
Affected applications and Apache projects include:
- Minecraft Servers
- Elasticsearch (versions 6.8.9+ and 7.8+ are not affected due to use of the Java Security Manager by the ES Team)
- Apache Druid
- Apache Solr
- Apache Wicket
- Java-based applications built with the log4j library.
Is your server vulnerable to Log4j?
While this exploit has been touted as an Apache exploit, it’s not specifically the Apache web server that’s affected but Apache’s Java logging library log4j and the various applications and software installations that use it. It’s important to understand this distinction, as the log4j library is used in custom solutions and is not often found in most server deployments that host typical webpages.
For example, if you’re not developing Java with log4j libraries, running a Minecraft server, special niche Apache projects or any specific application built on Java with that library included, then you’re most likely not affected.
That being said, most Managed KnownHost servers are not going to be affected (i.e., simply running Java isn’t going to make you vulnerable).
Managed KnownHost servers are provided with two panels, cPanel and DirectAdmin, and we’ve checked to see what’s affected on each one.
cPanel servers do use Apache Solr, and while this has been disabled by default on most KnownHost Managed servers, there are some servers out there that run this service.
Don’t worry though — cPanel has patched this vulnerability in their Apache Solr build:
```
# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <email@example.com> - 8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228
# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CVE-2021-45046
* Tue Dec 14 2021 Stephen Bee <firstname.lastname@example.org> - 8.8.2-5.cp1180
- Remove JndiLookup.class from log4j to mitigate CVE-2021-45046
```
So as long as your server is receiving the latest cPanel updates, you’re going to be fine.
It’s worth noting that the above plugin is the only software provided by cPanel that contains log4j.
No worries here either! DirectAdmin does not use Log4j anywhere on their panel or provided software installations.
What if you are vulnerable to Log4j?
If you’ve been informed or you find yourself affected by this vulnerability, you need to mitigate it as soon as possible by updating your Log4j libraries to 2.16.0. Many security-related websites are covering this exploit, such as LunaSec, which offers mitigation steps to protect yourself.
For those using web-based applications who need temporary protection, it’s recommended to get a Web Application Firewall such as Imunify360, which we do offer.
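To find which Log4j copies on a server still need that update, the following added example (not KnownHost, cPanel or Apache code) searches JAR/WAR/EAR files, including ones nested inside other archives, for log4j-core. It reports whether `JndiLookup.class` is still present and compares the version against the 2.16.0 target above. The function names and the status labels `mitigated`, `patched` and `vulnerable` are assumptions made for this example.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # upgrade target named in this article
ARCHIVE_EXT = (".jar", ".war", ".ear")


def classify(version, has_jndi):
    if not has_jndi:
        return "mitigated"  # JndiLookup.class removed, as in the cPanel Solr build
    # Pad short versions ("2.8") and treat a missing version as 0.0.0.
    nums = (tuple(int(n) for n in re.findall(r"\d+", version or "")) + (0, 0, 0))[:3]
    return "patched" if nums >= FIXED else "vulnerable"


def scan_archive(data, name="<memory>", depth=0):
    """Return (name, version, has_jndi, status) for each log4j-core copy found,
    descending into nested archives such as fat JARs and WARs."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, skip it
    with zf:
        names = zf.namelist()
        has_jndi = JNDI_CLASS in names
        version = None
        if POM_PROPS in names:
            m = re.search(rb"^version=(\S+)", zf.read(POM_PROPS), re.M)
            version = m.group(1).decode() if m else None
        if has_jndi or version:
            findings.append((name, version, has_jndi, classify(version, has_jndi)))
        if depth < 3:  # bound recursion into nested archives
            for inner in names:
                if inner.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(inner), f"{name}!{inner}", depth + 1)
    return findings

if __name__ == "__main__":
    for root in sys.argv[1:]:  # directories to search, e.g. an application root
        for p in Path(root).rglob("*"):
            if p.is_file() and p.suffix.lower() in ARCHIVE_EXT:
                for finding in scan_archive(p.read_bytes(), str(p)):
                    print(*finding, sep="\t")
```

Run it with one or more directories as arguments. Copies whose classes were relocated by a shading tool sit under a different package path and will not be matched.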
If you have questions or want to have your server evaluated just to be sure — feel free to open a ticket with our Support Department and we’ll help check your server out.