IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 7601 - 7625 of 7770 in total
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache POI - Source Taint: SOCKET - Dat...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - ...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Coffee M...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lucene - Source Taint: FILE_CO...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Apache P...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache POI - Source Taint: ENVIRONMEN...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONM...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Jena - Source Taint: SOCKET - Da...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - ...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Coffee M...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Apache J...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Jena - Source Taint: SOCKET -...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - D...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lucene - Source Taint: SOCKET - ...