Apache Log4j utility zero-day exploit (CVE-2021-44228) and (CVE-2021-45046)

Started by nick_sinigamy, Jun 24, 2022, 01:24 PM


nick_sinigamy (Topic starter)

Cloudflare published a blog post regarding a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228), which was made public yesterday, on December 9, and which results in remote code execution (RCE).

Cloudflare says this vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page.

The company deployed three new WAF rules to help mitigate any exploit attempts, and they have now been configured with a default action of BLOCK.

More details on the vulnerability can be found on the official Log4j security page.

chirkovmisha

CVE-2021-44228 is a critical vulnerability affecting the Java logging package log4j. If your organization uses the log4j library, you should upgrade to log4j-2.1.50.rc2 immediately. Be sure that your Java instance is up-to-date. The log4j package may be bundled in with software you use provided by any given vendor. In this scenario, unfortunately, the vendors themselves will need to push the security updates downstream.

DirectAdmin does not use Log4j anywhere, so there is nothing for us to announce or fix regarding CVE-2021-44228.

The cPanel Solr plugin is the only software provided and supported by cPanel that contains log4j, and they have published an update with the mitigation for CVE-2021-44228 to the cpanel-dovecot-solr RPM. If "dovecot-solr" is not installed, there is no need to worry about it.

Plesk does not use Log4j, though perhaps some 3rd-party extensions might use it. Verify the package installations and confirm it. Check reference here.

Don't be confused by the name "Apache Log4j Security Vulnerabilities": it refers to the Apache foundation/organisation only, not the Apache web server. The foundation has a lot of different software projects under it, including log4j and the Apache web server, but those are each separate software, and this vulnerability is in log4j.