CoffeeMUD 5.8 Test suite #9
DownloadDescription
CoffeeMud is a very large computer program that provides a foundation upon which one can most efficiently build a text based MUD of their very own.
This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page.NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Documentation
Displaying test cases 401 - 425 of 478 in total
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTE...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTE...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping. This test will try to access a user-controlled file, repeatedly trying if the access fails. The user provides an intentionally bad path, forci...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Dat...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Coffee MUD - Source Taint: FILE_CONTE...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Coffee M...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Coffee M...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Dat...
-
The product does not properly check inputs that are used for loop conditions when creating a random file name. If the target size of filename is too large for the filesystem, an IOException is raised and kills the current thread. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - ...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
The software uses external input to construct a pathname that should be within a restricted directory, but it does not neutralize absolute path sequences such as '/abs/path' that can resolve to a location that is outside of that directory. This test takes in a filename to read. Since the provided...
-
The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. This test will ac...
-
Test will take in a value that is a path to a file under the working directory that will then be displayed. The path isn't checked for ../ characters and as a result will display files outside of the current working directory. Metadata - Base program: Coffee MUD - Source Taint: SOCKET - Dat...
-
Test will take in a value that is a path to a file under the current working directory which will then be displayed. The input is checked for .. characters, then URI-decoded. This misses percent-encoded .. (%2E%2E) characters and allows arbitrary read access. Metadata - Base program: Coffee M...