CWE-436: Interpretation Conflict

Class Incomplete Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Description

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

Extended Description

This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Common Consequences

Scope: Integrity; Other

Technical Impact: Unexpected State; Varies by Context

Observed Examples

Reference: CVE-2005-1215

Bypass filters or poison web cache using requests with multiple Content-Length headers, a non-standard behavior.

Reference: CVE-2002-0485

Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.

Reference: CVE-2002-1978

FTP clients sending a command with "PASV" in the argument can cause firewalls to misinterpret the server's error as a valid response, allowing filter bypass.

Reference: CVE-2002-1979

FTP clients sending a command with "PASV" in the argument can cause firewalls to misinterpret the server's error as a valid response, allowing filter bypass.

Reference: CVE-2002-0637

Anti-virus product bypass with spaces between MIME header fields and the ":" separator, a non-standard message that is accepted by some clients.

Reference: CVE-2002-1777

AV product detection bypass using inconsistency manipulation (file extension in MIME Content-Type vs. Content-Disposition field).

Reference: CVE-2005-3310

CMS system allows uploads of files with GIF/JPG extensions, but if they contain HTML, Internet Explorer renders them as HTML instead of images.

Reference: CVE-2005-4260

Interpretation conflict allows XSS via invalid "<" when a ">" is expected, which is treated as ">" by many web browsers.

Reference: CVE-2005-4080

Interpretation conflict (non-standard behavior) enables XSS because the browser ignores invalid characters in the middle of tags.
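As an added example (not part of the CWE entry or any MITRE tooling), a strict HTTP header parser that refuses the ambiguous constructs several of the observed examples turn on: duplicate Content-Length fields with differing values and whitespace between a field name and the ":" separator, while matching field names case-insensitively as clients do. The sample messages and host name are constructed; the defensive rule they illustrate is to reject a message rather than pick one interpretation an endpoint might not share.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample messages (not from the CWE entry) showing the
# non-standard constructs described in the observed examples.
AMBIGUOUS_CONTENT_LENGTH = (
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Length: 5\r\nContent-Length: 12\r\n\r\nhello"
)
SPACE_BEFORE_COLON = (
    b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Type : text/html\r\nContent-Length: 0\r\n\r\n"
)
WELL_FORMED = (
    b"GET / HTTP/1.1\r\nHost: example.test\r\ncontent-type: text/html\r\n\r\n"
)

# Strict field line: token-only name, no whitespace before the colon.
FIELD_LINE = re.compile(rb"^([!#$%&'*+.^_`|~0-9A-Za-z-]+):[ \t]*(.*?)[ \t]*$")


def parse_headers(raw: bytes) -> Tuple[Dict[str, List[str]], List[str]]:
    """Parse the header block of an HTTP/1.1 message.

    Returns (headers, problems). Field names are lower-cased so that
    'Content-Type' and 'content-type' land in the same bucket, matching
    how clients treat them. Any construct whose meaning could differ
    between an intermediary and the endpoint is listed in `problems`.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # drop the request line
    headers: Dict[str, List[str]] = {}
    problems: List[str] = []
    for line in lines:
        m = FIELD_LINE.match(line)
        if not m:
            problems.append(f"malformed field line: {line!r}")
            continue
        name = m.group(1).decode("ascii").lower()
        headers.setdefault(name, []).append(m.group(2).decode("latin-1"))
    cl = headers.get("content-length", [])
    if len(set(cl)) > 1:
        problems.append(f"conflicting Content-Length values: {cl}")
    if any(not v.isdigit() for v in cl):
        problems.append(f"non-numeric Content-Length: {cl}")
    return headers, problems


def is_unambiguous(raw: bytes) -> bool:
    """True only when the message has a single, consistent interpretation."""
    return not parse_headers(raw)[1]
```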

Modes of Introduction

Phase | Note
Architecture and Design | -
Implementation | -

Applicable Platforms

Languages
Not Language-Specific (Undetermined)

Taxonomy Mappings

Taxonomy Name | Entry ID | Entry Name | Mapping Fit
PLOVER | - | Multiple Interpretation Error (MIE) | -
WASC | 27 | HTTP Response Smuggling | -

Key Information

CWE ID: CWE-436

Abstraction: Class

Structure: Simple

Status: Incomplete

Related Weaknesses

Related Attack Patterns

CAPEC-105, CAPEC-273, CAPEC-34