CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities
| Abstraction | Structure | Status |
|---|---|---|
| None | Simple | Draft |
Description
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.
Extended Description
When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.
Alternate Terms
- Interaction Error:
- Emergent Fault:
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Operation | - |
Applicable Platforms
Languages
Class: Not Language-Specific
Technologies
Class: Not Technology-Specific
Common Consequences
| Scope | Impact | Note |
|---|---|---|
| Integrity | Unexpected State, Varies by Context |
Observed Examples
- CVE-2002-0485: Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.
- CVE-2003-0411: chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype “text”.