SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #47584

Back to the previous page... Back to the previous page

Test Case IDDeprecated47584
Bad / Good / MixedMixedMixed test case
Author
Associations
Test suite: 69  
Added bySAMATE Team Staff
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
Submission date2011-04-08
DescriptionCWE: 113 HTTP Response Splitting
BadSource: Environment Read a string from an environment variable
GoodSource: A hardcoded string
Sinks: addCookieServlet
GoodSink: URLEncode input
BadSink : querystring to addCookie()
Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
File(s)
Flaw

There is 1 comment
Have any comments on this test case? Please, .

File Contains:
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') on line(s): 55