Official Red Hat log4j checker finds positive
-
Elasticsearch is identified as one of the vulnerable apps. I believe Horde is part of cpanel. Any concern? /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4 /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/COPYING /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/add.php /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/count.php /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/get.php /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/map.php /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/search.php /usr/share/doc/cpanel-php73-horde-elasticsearch-1.0.4/examples/status.php 0 -
The only service provided by the cPanel software that uses the logging utility Log4j is cpanel-dovecot-solr. If you do not have this installed, then your server is secure.
If it's not a dumb question... surely it's possible that software NOT provided by cPanel, which DOES include the affected Log4j software, has been installed on cPanel servers? If this is the case, then surely it's not strictly true to state that "If you do not have this (cpanel-dovecot-solr) installed, then your server is secure." ?0 -
If it's not a dumb question... surely it's possible that software NOT provided by cPanel, which DOES include the affected Log4j software, has been installed on cPanel servers? If this is the case, then surely it's not strictly true to state that "If you do not have this (cpanel-dovecot-solr) installed, then your server is secure." ?
My apologies for the reductive statement. I simply mean that the support cPanel-side aspects of the server would be secure.0
Please sign in to leave a comment.
Comments
4 comments