ApacheSolr vulnerability CVE-2021-44228 for Log4j

A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter. Since then, it has been disclosed that in certain non-default conditions, the original patch was incomplete; this was designated as CVE-2021-45046 and a new version of Log4j, 2.16.0, has been released.

Obtaining the Mitigation for CVE-2021-44228 For cPanel

You can run a cPanel Update which will update the cpanel-dovecot-solr RPM for you:
How to update cPanel/WHM

To update cPanel & WHM manually, use WHM’s Upgrade to Latest Version interface (WHM >> Home >> cPanel >> Upgrade to Latest Version).
For command line:

To run this script on the command line, use the following format:

/usr/local/cpanel/scripts/upcp [options]

Alternatively you could update just the cpanel-dovecot-solr RPM via YUM as the root user with the following command:

yum update cpanel-dovecot-solr

If you previously uninstalled cPanel Solr, you may install it again with the steps in this guide
How to Install cPanel Solr

Verifying That You Have The Mitigation In Place

1. Login to the server via SSH or Terminal as the root user
2. Issue the following command:

rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455

If the mitigation has been successfully added to your server you will see the following output:
Code:

# rpm -q --changelog cpanel-dovecot-solr | grep -B1 CPANEL-39455
* Fri Dec 10 2021 Tim Mullin <tim@cpanel.net> -  8.8.2-4.cp1180
- CPANEL-39455: Add mitigation for CVE-2021-44228

For non cPanel Servers
https://github.com/lunasec-io/lunasec/releases/
https://github.com/rubo77/log4j_checker_beta/blob/main/README.md
https://logging.apache.org/log4j/2.x/download.html

Resources:

https://support.cpanel.net/hc/en-us/articles/4415775520919-ApacheSolr-vulnerability-CVE-2021-44228-for-Log4j

The Apache Log4j exploit and how to protect your cPanel server


https://www.greenbone.net/en/greenbones-log4j-vulnerability-test-coverage/

Leave a Comment