services: # ---- Vulnerable back-end Tomcat (last vulnerable 9.x: 9.0.115) ---- backend-vuln: build: context: . dockerfile: Dockerfile.backend args: TOMCAT_TAG: 9.0.115-jdk17-temurin image: cve-2026-24880-backend-vuln container_name: cve-2026-24880-backend-vuln environment: NONCE_DIR: /nonce networks: - cvenet expose: - "8080" healthcheck: test: ["CMD-SHELL", "test -s /nonce/boot_nonce"] interval: 3s timeout: 3s retries: 20 # ---- CRLF-permissive front-end proxy in front of the vulnerable back-end ---- frontend-vuln: build: context: . dockerfile: Dockerfile.frontend image: cve-2026-24880-frontend container_name: cve-2026-24880-frontend-vuln environment: FRONTEND_PORT: "8000" BACKEND_HOST: backend-vuln BACKEND_PORT: "8080" depends_on: backend-vuln: condition: service_healthy networks: - cvenet ports: - "127.0.0.1:8000:8000" # ---- Fixed back-end Tomcat (first fixed 9.x: 9.0.116) -- NEGATIVE CONTROL ---- backend-fixed: build: context: . dockerfile: Dockerfile.backend args: TOMCAT_TAG: 9.0.116-jdk17-temurin image: cve-2026-24880-backend-fixed container_name: cve-2026-24880-backend-fixed environment: NONCE_DIR: /nonce networks: - cvenet expose: - "8080" healthcheck: test: ["CMD-SHELL", "test -s /nonce/boot_nonce"] interval: 3s timeout: 3s retries: 20 # ---- Same front-end proxy in front of the fixed back-end ---- frontend-fixed: image: cve-2026-24880-frontend container_name: cve-2026-24880-frontend-fixed environment: FRONTEND_PORT: "8000" BACKEND_HOST: backend-fixed BACKEND_PORT: "8080" depends_on: frontend-vuln: condition: service_started backend-fixed: condition: service_healthy networks: - cvenet ports: - "127.0.0.1:8001:8000" networks: cvenet: driver: bridge