PARSED-EMPTY-VAL
| Test ID | COOK-PARSED-EMPTY-VAL |
| Category | Cookies |
| Scored | No |
| RFC Level | N/A |
| Expected | 2xx (no crash) |
What it sends
Cookie with empty value parsed without crash.
GET /cookie HTTP/1.1\r\n
Host: localhost:8080\r\n
Cookie: foo=\r\n
\r\nWhy it matters
Cookies with empty values (foo=) are valid per RFC 6265 but can crash parsers that assume a non-empty value after the = sign.
Verdicts
- Pass — 2xx or 400
- Warn — 404 (endpoint not available)
- Fail — 500 (crash)
Sources
- RFC 6265 §5.4 — Cookie header