SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #47583

Back to the previous page... Back to the previous page

Test Case IDDeprecated47583
Bad / Good / MixedMixedMixed test case
Author
Associations
Test suite: 69  
Added bySAMATE Team Staff
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2011-04-08
DescriptionCWE: 113 HTTP Response Splitting
BadSource: Environment Read a string from an environment variable
GoodSource: A hardcoded string
Sinks: addCookieServlet
GoodSink: URLEncode input
BadSink : querystring to addCookie()
Flow Variant: 02 Control flow: if(true) and if(false)
File(s)
Flaw

There is 1 comment
Have any comments on this test case? Please, .


					
				
File Contains:
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') on line(s): 55