This article will provide the steps to upgrade the existing AhsayCBS v7 bundled Tomcat version from v7.0.59, to the latest v7.0.72 on Windows platform. To resolve the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) issue.
After you have updated your Tomcat version, we recommended that you consider using cbs-win.zip installer to upgrade your AhsayCBS to a newer version. As the cbs-win.exe installer will automatically over write the exiting Tomcat version with the bundled version v7.0.59, you will need to manually update Tomcat to v7.0.72 again each time you upgrade AhsayCBS to a newer version.
Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.72 Jul 25, 2017 10:25:36 AM org.apache.catalina.startup.TldConfig execute
Tomcat, AhsayCBS, v7.0.72, OpenSSL Padding Oracle Vulnerability, CVE-2016-2107