A critical security vulnerability has been discovered in the Log4j logging package. This vulnerability potentially affects Java applications. Entity Data advises customers running applications that utilise the Log4j logging package to update or mitigate this vulnerability immediately. For additional information, please see the resources linked below or contact Entity Data Support.
 
 
Entity Data has completed a full review of our infrastructure and potential exposure to this vulnerability.

- Managed VMware Cloud - Not Affected
- Velocity SSD VPS - Not Affected
- Client area and front end orchestration - Not Affected
- Windows shared hosting servers (Plesk) - Not Affected
- Linux shared hosting servers (cPanel) - Potentially Affected and now mitigated
- Citrix ADC (VPN and Load Balancing) - Not Affected
- Network & Security Appliances - Not Affected
- DNS Manager - Not Affected
 
Customers running cPanel

It appears that the majority of cPanel servers are unaffected. The only official cPanel package vulnerable to the Log4j exploit is the cpanel-dovecot-solr package. If this package is installed on your cPanel server, you can resolve the issue by updating it.
 
# Run update
yum update cpanel-dovecot-solr
 
# Check mitigation applied
rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
 
Linux servers
 
If you're unsure if you have any potentially vulnerable applications, check for the presence of anything running in Java.
 
# List Java processes (the [j] pattern stops grep from matching its own process)
ps aux | grep '[j]ava'
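
Going one step beyond the process check above, the following added example (not part of the original advisory) lists running Java processes and inventories Log4j core JAR files on disk so their versions can be reviewed. It assumes the library is present as a standalone file named log4j-core-<version>.jar; the function names are illustrative.

```shell
#!/bin/sh
# Added example: inventory Java processes and Log4j core JARs on a Linux server.
# Assumption: the library ships as a file named log4j-core-<version>.jar
# (the standard artifact name). Copies bundled inside fat JARs or WAR files
# are not unpacked, so an empty result does not prove the library is absent.

# Print "<pid><TAB><working directory>" for each process named exactly "java".
# The working directory is a useful starting point for the JAR search below.
java_process_dirs() {
    for pid in $(pgrep -x java 2>/dev/null); do
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null) || continue
        printf '%s\t%s\n' "$pid" "$cwd"
    done
}

# Print "<version><TAB><path>" for every log4j-core JAR under the given
# directories. -xdev keeps the search on the starting filesystem, which
# avoids crawling network mounts.
find_log4j_core() {
    find "$@" -xdev -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        base=${jar##*/}            # strip the directory part
        ver=${base#log4j-core-}    # strip the artifact prefix
        ver=${ver%.jar}            # strip the extension
        printf '%s\t%s\n' "$ver" "$jar"
    done | LC_ALL=C sort
}

# Scan the directories given on the command line, if any.
if [ "$#" -gt 0 ]; then
    echo "Java processes (pid, working directory):"
    java_process_dirs
    echo "log4j-core JARs (version, path):"
    find_log4j_core "$@"
fi
```

Save it as a script and pass the directories to search, for example the application directories reported for the Java processes.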
 
 


Saturday, December 11, 2021
