How to fix CVE-2016-2107 by updating Tomcat for AhsayCBS v7
June 4, 2025
Product Version
AhsayCBS: 7.5.0.0 - 7.13.0.x
Operating System
Windows
Description
This article provides the steps to upgrade the Tomcat version bundled with an existing AhsayCBS v7 installation from v7.0.59 to the latest v7.0.72 on the Windows platform, in order to resolve the OpenSSL padding oracle vulnerability (CVE-2016-2107).
After you have updated your Tomcat version, we recommend that you consider using the cbs-win.zip installer to upgrade your AhsayCBS to a newer version. The cbs-win.exe installer automatically overwrites the existing Tomcat version with the bundled version v7.0.59, so with that installer you will need to manually update Tomcat to v7.0.72 again each time you upgrade AhsayCBS to a newer version.
Solution
To eliminate this vulnerability, please upgrade to AhsayCBS 7.17.2.2 or above.
This issue affects a legacy version of our software. We strongly recommend upgrading to the latest AhsayCBS and AhsayOBM release (v9.15.0.0, as of 2025/May/15) for improved performance, compatibility, and security.
Contact us to confirm your license is valid to upgrade.