Situation
The vulnerability CVE-2021-44790 affects mod_lua module from Apache HTTP Server.
Impact
Plesk itself is not affected by the vulnerability. We also do not ship the mod_lua module in our repositories.
However, the Apache web server packages are installed from the official OS vendors' repositories, and some operating systems ship and enable this module by default (for example, every supported RHEL system).
Call to Action
To protect customers’ website that might be affected by the vulnerability, follow the recommendations from the OS vendor/package maintainer and always keep the system up to date.
Plesk has an embedded mechanism to update system packages:
Â
It is also possible to temporarily disable the mod_lua module:
-
via Plesk UI:
How to enable/disable Apache modules shipped with Plesk -
via CLI:
# plesk sbin httpd_modules_ctl --disable lua