Test case 149024

Deprecated test case

This version contains mistakes, making it deprecated. Deprecated test cases should not be used for new work. However, They remain in the SARD as a reference to redo previous work.

Type: source code
State: bad
Author: Ignite Realtime
Status: deprecated
Language: Java
Application: cpe:2.3:a:igniterealtime:openfire:3.6.0:-:*:*:*:*:*:*
Submission Date: 01 Aug 2014

Description

openfire-3.6.0

Flaws

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-862 Missing Authorization

Test Suites

Openfire 3.6.0
Open Fire 3.6.0

Documentation

Overview.pdf
Test Case Creation Guide.pdf
Weaknesses Documentation.pdf
TEXAS User Guide.pdf
Communication API Guide.pdf
System Design Document.pdf
Test and Evaluation Phase 3 Final Report.pdf
Test Generation Report
Kestrel Institute Report.pdf

Have any comments on this test case? Please, send us an email.