The SAMATE Project

Department of Homeland Security

Back to the previous page

Test Case ID	47587
Bad / Good / Mixed	Mixed
Author
Associations	Test suite: 69
Added by	SAMATE Team Staff
Language	Java
Type of test case	Source Code
Input string
Expected Output
Instructions
Submission date	2011-04-08
Description	CWE: 113 HTTP Response Splitting BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 06 Control flow: if(private_final_five==5) and if(private_final_five!=5)
File(s)	IO.java (2.59 kB) AbstractTestCaseServlet.java (4.38 kB) CWE113_HTTP_Response_Splitting__Environment_addCookieServlet_06.java (8.69 kB)
Flaw	CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') • 1

There is 1 comment

Have any comments on this test case? Please, .

IO.java
AbstractTestCaseServlet.java
CWE113_HTTP_Response_Splitting__Environment_addCookieServlet_06.java

File Contains:
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') on line(s): 60