CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.
扩展描述
When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.
常见后果
影响范围: Integrity
技术影响: Unexpected State Varies by Context
观察示例
参考: CVE-2002-0485
Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.
参考: CVE-2003-0411
chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype "text".
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
| Operation | - |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Interaction Errors | - |
关键信息
CWE ID: CWE-435
抽象级别: Pillar
结构: Simple
状态: Draft