Sidebar

Announcement

Ahsay Backup Software

Backup Set Types

Supported Storage

Features in OBM / ACB

Features in CBS

Brand and Customize

License

Documentation

Performance Testing

FAQs and Known Issues

Can't Find What You Need?

public:5259_faq:how_to_fix_the_openssl_padding_oracle_vulnerability_cve-2016-2107_issue_by_updating_tomcat_to_the_latest_version_for_ahsaycbs_v7_on_windows

FAQ: How to fix the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) issue by updating Tomcat to the latest version for AhsayCBS v7 on Windows

Article ID: 5259
Reviewed: 25/07/2017

Product Version:
AhsayCBS: 7.5.0.0 - 7.13.0.x
OS: Windows

Description

This article will provide the steps to upgrade the existing AhsayCBS v7 bundled Tomcat version from v7.0.59, to the latest v7.0.72 on Windows platform. To resolve the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) issue.

Important:
After you have updated your Tomcat version, we recommended that you consider using cbs-win.zip installer to upgrade your AhsayCBS to a newer version. As the cbs-win.exe installer will automatically over write the exiting Tomcat version with the bundled version v7.0.59, you will need to manually update Tomcat to v7.0.72 again each time you upgrade AhsayCBS to a newer version.

Assumptions:

  • The AhsayCBS server is installed with a supported Windows Operating System. (please refer to the following KB article for details https://forum.ahsay.com/viewtopic.php?f=169&t=13492 )
  • AhsayCBS version is v7.13.0.0 or above.
  • AhsayCBS installation path %CBS_INSTALL_PATH%

Steps

  1. Download the Tomcat v7.0.72 patch http://download.ahsay.com/dev/hot-fixes/79/7900/cbs-hotfix-task14766.zip
  2. Shutdown the AhsayCBS service:
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite ] > [ Stop ]
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite NFS Service ] > [ Stop ]
  3. Make a backup copy of the following folders %CBS_INSTALL_PATH%\conf , %CBS_INSTALL_PATH%\tomcat , %CBS_INSTALL_PATH%\lib folders
  4. Unzip the files and folders and copy them to the %CBS_INSTALL_PATH%
  5. Start the AhsayCBS service:
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite ] > [ Start ]
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite NFS Service ] > [ Start ]
  6. To verify the Tomcat version has been updated to v7.0.72. Check the %CBS_INSTALL_PATH%\logs\catalina_YYYY-MM-DD.log file:

    Example:

    Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardService startInternal
    INFO: Starting service Catalina
    Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.72
    Jul 25, 2017 10:25:36 AM org.apache.catalina.startup.TldConfig execute

Keywords

Tomcat, AhsayCBS, v7.0.72, OpenSSL Padding Oracle Vulnerability, CVE-2016-2107

public/5259_faq/how_to_fix_the_openssl_padding_oracle_vulnerability_cve-2016-2107_issue_by_updating_tomcat_to_the_latest_version_for_ahsaycbs_v7_on_windows.txt · Last modified: 2018/06/28 15:19 by mike.gong