The Apache Log4j exploit and how we protected our servers
Knowledgebase Article
The Apache Log4j exploit and how we protected our servers
On Friday, December 10th, 2021, a vulnerability for Log4j was announced in CVE-2021-44228.
Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services. It was also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others. The United States Cybersecurity and Infrastructure Security Agency also issued a statement from CISA Director Easterly on the log4j vulnerability.
How does this impact my server?
The same day the vulnerability was announced, our Engineering team took immediate actions upon our servers and patch them appropriately. The only service provided by the cPanel software that uses the logging utility Log4j is cpanel-dovecot-solr. However, other services based on Java were also affected by this. Services like ElasticSearch versions before 7, custom Java based applications that may use Log4j, and separate Solr instances.
Our patch was applied across the whole fleet of servers, patching all of the possible services vulnerable to the new exploit only hours after the vulnerability was announced publicly.
Updates from December 15th, 2021
The Apache Logging team released an update after it was discovered that certain non-default configurations were still vulnerable to the log4j exploit. Learn more about CVE-2021-45046. You can also read the Apache Logging site’s Security page for more information.
Powered by WHMCompleteSolution