You may have heard of a Log4j 2 security issue. Many vendors have updated their systems and applied patches. However, a new issue have risen which can exploit the issue even with an update. How does CVE-2021-44228 and CVE-2021-45046 affect cPanel, Plesk and DirectAdmin? And how does Yourwebhoster.eu handle this? This update will show you how we have taken action and how you can secure your server.
Is Plesk affected by CVE-2021-44228 and CVE-2021-45046?
The big question is if Plesk is affected by CVE-2021-44228 and CVE-2021-45046. For most normal installations, Plesk is not affected. The only way to get affected by these Log4j exploits in Plesk is if you are using a Java application using an extension or a custom installed (web) installation. However, most servers do not and therefore you do not have to worry about a Log4j 2 exploit for Plesk.
Is cPanel affected by CVE-2021-44228 and CVE-2021-45046?
Update December 15: An update has been provided by cPanel.
Another large used panel is cPanel, which is affected by CVE-2021-44228 and CVE-2021-45046. In particular Log4j 2 is used in the cPanel solr extension. The purpose of cPanel solr is to support faster search capabilities for IMAP. However, in this case it also adds an extra issue to worry about.
To resolve the issue, you have two options. You can either update cPanel Dovecot Solr or uninstall the Solr extension for now. You can do this by using the following these steps:
- Log in to WHM.
- Go to cPanel -> Manage Plugins.
- Click “Uninstall “Full Text Search Indexing for IMAP powered by Apache Solr™”
- You are safe now.
You can always enable Solr again, however, for now we advise to leave it uninstalled and let some time pass. Even when a patch is created, chances are that another exploit is being discovered. The software is non-essential and only allows improved search performance, but searching does work without it as well.
At the time of writing, only a patch for the first exploit is released. However, the second exploit has not been patched yet. Note: there may be other extensions on a cPanel server that use Java, just like with other systems like Plesk and DirectAdmin. However, this is not common.
Is DirectAdmin affected by CVE-2021-44228 and CVE-2021-45046?
The same question is if DirectAdmin is affected by CVE-2021-44228 and CVE-2021-45046. By default, DirectAdmin does not use Java and therefore Log4j 2 is not used. Only when you have custom installed Java with an application that utilizes Log4j 2 you have this problem. However, most users do not.
How did Yourwebhoster.eu solve this on Managed servers?
We have applied the first update on cPanel servers. However, due to the second issue, we have decided to uninstall the affected module in cPanel. We may enable this again when we deem this issue resolved.
Can you help me with Log4j2 CVE-2021-44228 and CVE-2021-45046?
Of course! You can contact us any time or call us at +31 085 273 48 10.