Crucial Hosting incident

Log4Shell: RCE 0-day exploit - CVE-2021-44228

Notice Resolved View vendor source →

Crucial Hosting experienced a notice incident on December 13, 2021, lasting 10d 21h. The incident has been resolved; the full update timeline is below.

Started
Dec 13, 2021, 01:57 AM UTC
Resolved
Dec 23, 2021, 11:54 PM UTC
Duration
10d 21h
Detected by Pingoru
Dec 13, 2021, 01:57 AM UTC

Update timeline

  1. identified Dec 13, 2021, 01:57 AM UTC

    We are investigating the impact of the reported Java Log4j Remote Code Execution Vulnerability (CVE-2021-44228) on our managed clients and infrastructure. Packages have already been automatically updated with the upstream patches when available from vendors. When updates are not available from upstream vendors, we are investigating the next best course of action to ensure all systems and services remain secure.

  2. monitoring Dec 15, 2021, 04:49 AM UTC

    cPanel has released an update which fixes the Java Log4j Remote Code Execution Vulnerability (CVE-2021-44228). We have confirmed this update has been applied to all of our shared & reseller hosting servers. This update will have also applied to our Managed cPanel clients during the nightly cPanel updates. We are continuing to monitoring all shared, reseller and managed services in the usual manner.

  3. resolved Dec 23, 2021, 11:54 PM UTC

    This incident has been resolved.