SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #149003

Back to the previous page... Back to the previous page

Test Case IDCandidate149003
Bad / Good / MixedBadBad test case
AuthorThe Apache Software Foundation
Associations
Test suite: 95  
Added bySAMATE Team Staff
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2014-08-01
Descriptionapache-tomcat-5.5.13
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 77, 79, 88, 97, 101, 197, 198, 250, 254, 256, 259, 260, 264, 268, 272, 277

					
				
File Contains:
CWE-022: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') on line(s): 1252
CWE-200: Information Exposure on line(s): 324, 350, 630, 634, 697, 792, 802

					
				
File Contains:
CWE-022: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') on line(s): 247, 261, 264, 282, 856, 859

					
				
File Contains:
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 29, 36, 46, 52, 56, 65

					
				
File Contains:
CWE-020: Improper Input Validation on line(s): 898, 908, 1704
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 935, 1644

					
				
File Contains:
CWE-200: Information Exposure on line(s): 2283
CWE-020: Improper Input Validation on line(s): 1365
CWE-022: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') on line(s): 1239, 1242, 1245

					
				
File Contains:
CWE-022: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') on line(s): 157, 264, 286, 289
CWE-264: Permissions, Privileges, and Access Controls on line(s): 169

					
				
File Contains:
CWE-020: Improper Input Validation on line(s): 936, 1662
CWE-079: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') on line(s): 962, 1602

					
				
File Contains:
CWE-200: Information Exposure on line(s): 202, 252, 254, 427