cPanel's Dovecot Solr plugin ships the Log4j Java library, which is affected by a critical vulnerability now known as Log4Shell. cPanel, one of the most widely used web hosting control panels, has issued a patch for the flaw in the part of its software used for email.
Log4j Critical Log4Shell Vulnerability
Log4j is a Java logging library that is embedded, as a drop-in component, in a wide range of applications and services. End users do not download or run it themselves: it is bundled inside the application they use. This is why most people have no way of knowing whether the software they run contains the vulnerable library.
The vulnerability (CVE-2021-44228) carries a CVSS score of 10.0, the maximum on the 0-10 scale, meaning it poses the highest degree of risk to an affected application.
cPanel Web Host Control Panel
cPanel is an administration panel that lets a website owner manage their web hosting environment through a graphical user interface (GUI) laid out like a desktop. It allows tasks such as changing the PHP version that websites use, controlling the firewall and adding SSL/TLS certificates, among others.
There are around three million customers using cPanel.
cPanel Plugin Log4Shell Vulnerability
A vulnerable version of the Log4j Java library has been found in a core cPanel plugin, the cPanel Dovecot Solr plugin.
This plugin provides full-text search indexing for the IMAP mailboxes served by Dovecot, cPanel's IMAP mail server.
As per cPanel
“The cPanel Solr plugin enables Internet Message Access Protocol (IMAP) Full-Text Search (FTS) Indexing (powered by Apache Solr™), which provides fast search capabilities for IMAP mailboxes.”
A thread on cPanel’s official forums was the first to point out that cPanel shipped the log4j library and might therefore be exposed.
Within hours, a cPanel technical analyst announced that a patch was available.
“We have released an update that includes mitigations for CVE-2021-44228 in the cpanel-dovecot-solr RPM.
Obtaining the Mitigation for CVE-2021-44228
You can perform a cPanel update that will update the cpanel-dovecot-solr RPM: How do I update cPanel/WHM?
If you have previously removed Solr from cPanel, it is possible to restore it using the steps given in this tutorial: How to Install cPanel Solr?”
More details can be found here:
https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/
Conclusion
If you have a dedicated or virtual server with cPanel installed and the Solr plugin enabled, the server could be at risk.
We strongly recommend that anyone running cPanel make sure they are on the most recent version, which includes the fix for this vulnerability.
To do this, sign in to WHM and navigate to: the Home tab > the cPanel menu > Update to the Latest Version.
If you require help with this, or aren’t sure whether your server is at risk, you can contact us.
Be aware that if you have installed third-party programs on your server, especially anything that runs server-side Java, this library could also be present. Check with the software vendor.
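A quick local check that covers both the cPanel Solr installation and any third-party Java software on the same server is to scan the filesystem for Log4j 2 jars and see, for each one, which version it is and whether the `JndiLookup` class (the component exploited by CVE-2021-44228) is still inside it. The script below is an added example, not cPanel's or Apache's code. It assumes the jar carries its version in `META-INF/MANIFEST.MF` as `Implementation-Version` (the convention for Log4j releases) and treats 2.15.0 as the first release fixing this CVE; removing `JndiLookup.class` from the jar was Apache's documented stop-gap mitigation for versions that could not be upgraded. The three jars it scans are constructed stand-ins built in a temporary directory so the example runs offline; on a real server you would point `scan()` at `/` or at the Solr and application directories instead.

```python
"""Scan a directory tree for Log4j 2 jars and report CVE-2021-44228 exposure.

Added example (not cPanel's or Apache's code). For each jar it reports:
  * the Log4j version read from META-INF/MANIFEST.MF (Implementation-Version),
    falling back to the conventional log4j-core-<version>.jar file name, and
  * whether org/apache/logging/log4j/core/lookup/JndiLookup.class is present.
Jars nested inside other jars/wars (uber jars) are not unpacked here.
"""
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED_IN = (2, 15, 0)  # first Log4j 2 release containing the CVE-2021-44228 fix


def parse_version(text):
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(x) if x else 0 for x in m.groups())


def inspect_jar(path):
    """Return (version, has_jndi_lookup, verdict) for one jar file."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
            if m:
                version = m.group(1)
    if version is None:
        m = re.search(r"log4j-core-([\d.]+[\w-]*)\.jar$", os.path.basename(path))
        if m:
            version = m.group(1)
    # Only log4j-core carries the JNDI lookup; skip log4j-api and unrelated jars.
    if not any(n.startswith("org/apache/logging/log4j/core/") for n in names):
        return version, False, "not log4j-core"
    has_jndi = JNDI_LOOKUP in names
    v = parse_version(version)
    if v is not None and v >= FIXED_IN:
        verdict = "patched"
    elif not has_jndi:
        verdict = "mitigated (JndiLookup.class removed)"
    else:
        verdict = "VULNERABLE"
    return version, has_jndi, verdict


def scan(root):
    """Walk root and return {jar_path: (version, has_jndi, verdict)} for every .jar found."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                try:
                    results[path] = inspect_jar(path)
                except zipfile.BadZipFile:
                    results[path] = (None, False, "unreadable jar")
    return results


def make_jar(path, version, include_jndi):
    """Build a constructed stand-in for log4j-core-<version>.jar (test data, not a real jar)."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\nImplementation-Version: %s\n" % version)
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")


def demo():
    """Create three constructed jars under a temp dir and scan them; returns {file name: verdict}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    lib = os.path.join(root, "solr", "lib")  # hypothetical layout, not cPanel's real path
    os.makedirs(lib)
    make_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1", True)            # unpatched
    make_jar(os.path.join(lib, "log4j-core-2.14.1-stripped.jar"), "2.14.1", False)  # class removed
    make_jar(os.path.join(lib, "log4j-core-2.17.1.jar"), "2.17.1", True)            # fixed release
    return {os.path.basename(p): r[2] for p, r in scan(root).items()}


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print("%-36s %s" % (name, verdict))
```

A "patched" verdict here means only that the jar is at or above 2.15.0 for this CVE; later Log4j releases addressed further related issues, so the cPanel-supplied update (or the vendor's own update for third-party software) remains the fix to apply, with this scan serving as the before/after check.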