Log4j vulnerability: What you need to know

Log4j vulnerability: What you need to know

Share this article

As you’ve probably heard, a critical vulnerability in a Java Library called Log4J was discovered last week, affecting millions of websites running Java applications around the world. Log4J is a common software present on most Java web applications, including on certain cPanel servers.

Our team has already taken the necessary measures and all our servers have now been duly patched, wherever we had access and permission.

What is happening?

Cybercriminals are actively exploiting a vulnerability that affects the Java logging library Log4j. This exploit was first discovered on December 9 and poses a great risk of unauthenticated remote code execution and access to servers.

The exploit has the potential to let hackers compromise millions of devices across the internet, as Log4j is used in many forms of software, such as cloud server platforms, web applications, and email services. And as such, there is a wide range of software that could be at risk from attempts to exploit the vulnerability.

Who is impacted?

Log4j is used in a variety of software applications by a large number of popular online platforms, including Apple, Twitter, Amazon, Tesla, and Steam to name only a few. 

What should I do?

If you are a Dedicated or Cloud Server client and do not provide WHC with direct access to your server, please ensure that you are using the latest supported cPanel version. See how to upgrade to the latest cPanel version

Once you’re up to date, you can use the following command to check the status of your server (via the command line):

rpm -q cpanel-dovecot-solr --changelog | grep CVE-2021-44228

If you have a Web Hosting, Managed WordPress Hosting, or Reseller Hosting account, no action is required on your part.

At this point, we have not identified any impact relating to this flaw on the WHC platform. Our team has already patched our servers, and are diligently continuing to monitor the situation so we can take appropriate action as needed.

For additional information, you can follow updates on the cPanel forum, or on the official Apache foundation Log4j page.



About the author: Tim Robards

Tim is WHC's Technical Writer & Integrator. When he's not writing user guides or filming tutorials, you’ll likely find him building websites or enjoying the great outdoors.

See all articles from this author Interested in writing for Web Hosting Canada?
Web Hosting Canada manages fast and reliable online infrastructure with 24/7 support. Learn more about WHC