Applicable to:
- Plesk for Linux
- Plesk for Windows
Situation
CVE-2021-44228 is a vulnerability in Apache Log4j, which is a Java library. This vulnerability can therefore affect Java-based applications only.
Impact
Plesk does not use Java internally, so Plesk is not affected by this vulnerability. Since Tomcat support in Plesk was dropped in Plesk 17.8, Plesk does not support users' Java-based applications.
Call to action
No additional actions are required.
Comments
4 comments
Hey,
I just fired a "find" command to see if there's anything left with log4j on the server. I found some log4j entries in the microupdates folder (./parallels/PSA_17.8.11/microupdates/MU70/dist-deb-Ubuntu-16.04-x86_64/pmm-ras).
Is there any todo here for me or can this be ignored?
Thanks in advance!
Michael
Same Question as Michael
Michael Lang, Lenusch, thank you for this question.
You may safely ignore it. pmm-ras does not use Java. It uses the log4cpp library, which is compatible with log4j, but it is not affected by this vulnerability.
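The distinction made in the reply above, between a `find` hit on a file name and a Java archive that really bundles Log4j 2, can be checked by looking inside archives for the log4j-core JNDI lookup class. This is an added example, not part of the original comments or of Plesk's code; the function names and the sample file names are hypothetical, and the sample tree is constructed.

```python
import io
import os
import tempfile
import zipfile

# JNDI lookup class of log4j-core 2.x: its presence marks a real Log4j 2 copy.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def archive_has_jndi(source, depth=0):
    """True if the archive (path or file object), or one nested in it, holds JNDI_CLASS."""
    try:
        with zipfile.ZipFile(source) as zf:
            for name in zf.namelist():
                if name.endswith(JNDI_CLASS):
                    return True
                # Fat JARs and WARs carry their libraries as nested archives.
                if name.lower().endswith(ARCHIVE_EXT) and depth < 3:
                    if archive_has_jndi(io.BytesIO(zf.read(name)), depth + 1):
                        return True
    except zipfile.BadZipFile:
        pass  # not a zip container, so not a Java archive
    return False

def classify(root):
    """Map paths under root to 'log4j-core' or 'name-only' (file name match only)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path, lower = os.path.join(dirpath, fname), fname.lower()
            if lower.endswith(ARCHIVE_EXT) and archive_has_jndi(path):
                results[path] = "log4j-core"
            elif "log4j" in lower:
                results[path] = "name-only"
    return results

def demo():
    """Constructed sample tree (placeholder bytes, no real Log4j code)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(JNDI_CLASS, b"placeholder")
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
            zf.writestr("WEB-INF/lib/logging.jar", inner.getvalue())
        with open(os.path.join(root, "log4j.properties"), "w") as fh:
            fh.write("# constructed name-only match\n")
        return {os.path.basename(p): v for p, v in classify(root).items()}

if __name__ == "__main__":
    print(demo())
```

A `name-only` result means only that no log4j-core JNDI lookup class was found in that file; it says nothing about other Log4j versions or issues.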
Hi,
A solution seems to be published here:
https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/
Where two ModSecurity changes should do the job: