Vulnerable Environments
Browse our collection of pre-built vulnerable environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.
36 Results in Webserver
Tomcat Session Deserialization Remote Code Execution
Explore the Tomcat Session Deserialization Remote Code Execution vulnerability and learn how to exploit it.
GlassFish 4.1.0 Arbitrary File Read
Explore the GlassFish 4.1.0 Arbitrary File Read vulnerability and learn how to exploit it.
Adobe ColdFusion XML Deserialization Leads to RCE
Explore the Adobe ColdFusion XML Deserialization Leads to RCE vulnerability and learn how to exploit it.
Adobe ColdFusion Local File Inclusion Leads to RCE
Explore the Adobe ColdFusion Local File Inclusion Leads to RCE vulnerability and learn how to exploit it.
WebLogic Unauthorized Remote Code Execution
Explore the WebLogic Unauthorized Remote Code Execution vulnerability and learn how to exploit it.
Apache APISIX Dashboard API Permission Bypass to RCE
Explore the Apache APISIX Dashboard API Permission Bypass to RCE vulnerability and learn how to exploit it.
Apache APISIX Hardcoded API Token Leads to RCE
Explore the Apache APISIX Hardcoded API Token Leads to RCE vulnerability and learn how to exploit it.
Apache HTTP Server 2.4.48 mod_proxy SSRF
Explore the Apache HTTP Server 2.4.48 mod_proxy SSRF vulnerability and learn how to exploit it.
Apache HTTP Server 2.4.50 Path Traversal
Explore the Apache HTTP Server 2.4.50 Path Traversal vulnerability and learn how to exploit it.
Apache HTTP Server 2.4.49 Path Traversal
Explore the Apache HTTP Server 2.4.49 Path Traversal vulnerability and learn how to exploit it.
Jetty WEB-INF Sensitive Information Disclosure
Explore the Jetty WEB-INF Sensitive Information Disclosure vulnerability and learn how to exploit it.
Jetty WEB-INF Sensitive Information Disclosure
Explore the Jetty WEB-INF Sensitive Information Disclosure vulnerability and learn how to exploit it.
Jetty Common Servlets Component ConcatServlet Information Disclosure
Explore the Jetty Common Servlets Component ConcatServlet Information Disclosure vulnerability and learn how to exploit it.
WebLogic Management Console Unauthorized Remote Command Execution
Explore the WebLogic Management Console Unauthorized Remote Command Execution vulnerability and learn how to exploit it.
Apache Tomcat AJP Bug
Explore the Apache Tomcat AJP Bug vulnerability and learn how to exploit it.
AppWeb Authentication Bypass
Explore the AppWeb Authentication Bypass vulnerability and learn how to exploit it.
Apache HTTP Server SSI Remote Command Execution
Explore the Apache HTTP Server SSI Remote Command Execution vulnerability and learn how to exploit it.
ACME mini_httpd Arbitrary File Read
Explore the ACME mini_httpd Arbitrary File Read vulnerability and learn how to exploit it.
WebLogic Arbitrary File Upload
Explore the WebLogic Arbitrary File Upload vulnerability and learn how to exploit it.
JBoss 4.x JBossMQ JMS Deserialization Remote Code Execution
Explore the JBoss 4.x JBossMQ JMS Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Adobe ColdFusion File Read
Explore the Adobe ColdFusion File Read vulnerability and learn how to exploit it.
Weblogic WLS Core Components Deserialization Remote Command Execution
Explore the Weblogic WLS Core Components Deserialization Remote Command Execution vulnerability and learn how to exploit it.
Apache HTTPD Newline Parsing Vulnerability
Explore the Apache HTTPD Newline Parsing Vulnerability vulnerability and learn how to exploit it.
JBoss JMXInvokerServlet Deserialization Remote Code Execution
Explore the JBoss JMXInvokerServlet Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Apache HTTPD Multiple Extension Parsing Vulnerability
Explore the Apache HTTPD Multiple Extension Parsing Vulnerability vulnerability and learn how to exploit it.
Nginx Parsing Vulnerability
Explore the Nginx Parsing Vulnerability vulnerability and learn how to exploit it.
Adobe ColdFusion Deserialization
Explore the Adobe ColdFusion Deserialization vulnerability and learn how to exploit it.
WebLogic < 10.3.6 'wls-wsat' XMLDecoder Deserialization Remote Command Execution
Explore the WebLogic < 10.3.6 'wls-wsat' XMLDecoder Deserialization Remote Command Execution vulnerability and learn how to exploit it.
JBoss 5.x/6.x Deserialization Remote Code Execution
Explore the JBoss 5.x/6.x Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Tomcat Arbitrary Writing of Files in the PUT Method
Explore the Tomcat Arbitrary Writing of Files in the PUT Method vulnerability and learn how to exploit it.
Nginx Filename Logic Vulnerability
Explore the Nginx Filename Logic Vulnerability vulnerability and learn how to exploit it.
Nginx Cache Leak by Integer Overflow
Explore the Nginx Cache Leak by Integer Overflow vulnerability and learn how to exploit it.
Nginx Misconfiguration Vulnerabilities
Explore the Nginx Misconfiguration Vulnerabilities vulnerability and learn how to exploit it.
Weblogic UDDI Explorer Server-Side Request Forgery (SSRF)
Explore the Weblogic UDDI Explorer Server-Side Request Forgery (SSRF) vulnerability and learn how to exploit it.
WebLogic Weak Password, Arbitrary File Read and Remote Code Execution
Explore the WebLogic Weak Password, Arbitrary File Read and Remote Code Execution vulnerability and learn how to exploit it.
Tomcat Weak Password
Explore the Tomcat Weak Password vulnerability and learn how to exploit it.