Pentester Lab: CVE-2007-1860: mod_jk double-decoding

  • Name: Pentester Lab: CVE-2007-1860: mod_jk double-decoding
  • Date release: 17 Apr 2014

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 191 MB)


(Size: 187 MB)




This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

What you will learn?

  • Tomcat
  • Java WebShell
  • Exploitation of CVE-2008-1760

  • Filename: cve-2007-1860_i386.iso
  • File size: 191 MB
  • MD5: 0A06A7C4521B4B5C842E90F2DE9E4F3C
  • SHA1: F059274CC6E03C7C5CFDDB1E181C1F15EBAF32CF

  • Filename: _cve-2007-1860.iso
  • File size: 187 MB
  • MD5: 4C03139ABBBEF639E3DD280E2B1E11CD
  • SHA1: 9B4333EA67787996FF31364BE2D089AA009739D1

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign