===== [V7] FAQ: How to fix the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) issue by updating Tomcat to the latest version for AhsayCBS v7 on Windows =====
Article ID: 5259
Reviewed: 2017-07-25

Product Version:
AhsayCBS: 7.5.0.0 - 7.13.0.x
OS: Windows

ATTENTION 1st January, 2022: v7 officially End-of-Life [details] ===== Description ===== This article will provide the steps to upgrade the existing AhsayCBS v7 bundled Tomcat version from v7.0.59, to the latest v7.0.72 on Windows platform. To resolve the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) issue.

Important:
After you have updated your Tomcat version, we recommended that you consider using cbs-win.zip installer to upgrade your AhsayCBS to a newer version. As the cbs-win.exe installer will automatically over write the exiting Tomcat version with the bundled version v7.0.59, you will need to manually update Tomcat to v7.0.72 again each time you upgrade AhsayCBS to a newer version.

Assumptions:
===== Steps =====
  1. Download the Tomcat v7.0.72 patch http://download.ahsay.com/dev/hot-fixes/79/7900/cbs-hotfix-task14766.zip
  2. Shutdown the AhsayCBS service:
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite ] > [ Stop ]
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite NFS Service ] > [ Stop ]
  3. Make a backup copy of the following folders %CBS_INSTALL_PATH%\conf , %CBS_INSTALL_PATH%\tomcat , %CBS_INSTALL_PATH%\lib folders
  4. Unzip the files and folders and copy them to the %CBS_INSTALL_PATH%
  5. Start the AhsayCBS service:
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite ] > [ Start ]
    [Control Panel ] > [ Administrative Tools ] > [ Services ] > [ Ahsay Cloud Backup Suite NFS Service ] > [ Start ]
  6. To verify the Tomcat version has been updated to v7.0.72. Check the %CBS_INSTALL_PATH%\logs\catalina_YYYY-MM-DD.log file:

    Example:
    Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardService startInternal INFO: Starting service Catalina Jul 25, 2017 10:25:33 AM org.apache.catalina.core.StandardEngine startInternal INFO: Starting Servlet Engine: Apache Tomcat/7.0.72 Jul 25, 2017 10:25:36 AM org.apache.catalina.startup.TldConfig execute
===== Keywords ===== Tomcat, AhsayCBS, v7.0.72, OpenSSL Padding Oracle Vulnerability, CVE-2016-2107