Apache Lenya 2.0.4 Test suite #13
DownloadDescription
This test case takes a value and attempts to convert it to
upper case. If the value contains anything other than a-zA-Z,
then an exception is thrown, but not caught.
Metadata
- Base program: Apache Lenya
- Source Taint: SOCKET
- Data Type: ARRAY
- Data Flow: ADDRESS_AS_FUNCTION_RETURN_VALUE
- Control Flow: INDIRECTLY_RECURSIVE
Displaying test cases 426 - 450 of 477 in total
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - D...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - D...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONM...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Apache L...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONM...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Apache L...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lenya - Source Taint: ENVIRONM...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Apache Lenya - Source Taint: FILE_CON...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Apache Lenya - Source Taint: SOCKET - D...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...