Back to the previous page
Test Case ID | ![]() |
Bad / Good / Mixed | Mixed![]() |
Author | |
Associations | Test suite: 69 |
Added by | SAMATE Team Staff |
Language | Java |
Type of test case | Source Code |
Input string | |
Expected Output | |
Instructions | |
Submission date | 2011-04-08 |
Description | CWE: 113 HTTP Response Splitting BadSource: Environment Read a string from an environment variable GoodSource: A hardcoded string Sinks: addCookieServlet GoodSink: URLEncode input BadSink : querystring to addCookie() Flow Variant: 02 Control flow: if(true) and if(false) |
File(s) |
|
Flaw |
There is 1 comment
Have any comments on this test case? Please,
.
- IO.java
- CWE113_HTTP_Response_Splitting__Environment_addCookieServlet_02.java
- AbstractTestCaseServlet.java
File Contains:
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') on line(s): 55
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') on line(s): 55