CWE-436: Interpretation Conflict
Description
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Submission Date: 2006-07-19
Modification Date: 2023-06-29
Organization: MITRE
Extended Description
This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.
Example - 1
The paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences.
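The following is an added illustration of the insertion/evasion problem described in that paper; it is not code from the paper or from CWE. It models one of the ambiguities the paper discusses, overlapping TCP segments, with two reassembly policies: "first", where bytes already received win, and "last", where a later segment overwrites. The segment sequence, the `/etc/passwd` signature, and the policy names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """A TCP segment: relative sequence number of its first byte, plus payload."""
    seq: int
    data: bytes


def reassemble(segments, policy):
    """Rebuild the byte stream from segments in arrival order.

    policy "first": a byte already placed is kept when a later segment overlaps it.
    policy "last":  a later segment overwrites earlier bytes.
    Real stacks differ on exactly this point, which is what the attacker exploits.
    """
    stream = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if policy == "first" and off in stream:
                continue
            stream[off] = byte
    end = max(stream) + 1 if stream else 0
    if any(off not in stream for off in range(end)):
        raise ValueError("gap in stream; example assumes contiguous data")
    return bytes(stream[off] for off in range(end))


def classify(segments, ids_policy, host_policy, signature):
    """'evasion'   : end host sees the signature, the IDS does not.
       'insertion' : IDS sees the signature, the end host does not.
       'consistent': both agree."""
    ids_sees = signature in reassemble(segments, ids_policy)
    host_sees = signature in reassemble(segments, host_policy)
    if host_sees and not ids_sees:
        return "evasion"
    if ids_sees and not host_sees:
        return "insertion"
    return "consistent"


def inconsistent_overlaps(segments):
    """Offsets where two segments supply different bytes.

    A monitor that cannot know the endpoint's policy should at least alert on
    this condition instead of silently picking one interpretation.
    """
    seen, conflicts = {}, set()
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if off in seen and seen[off] != byte:
                conflicts.add(off)
            seen.setdefault(off, byte)
    return sorted(conflicts)


# Constructed attack stream: the second and third segments overlap on bytes 11..14
# with different content, so the two policies yield different requests.
ATTACK = [
    Segment(0, b"GET /etc/pa"),
    Segment(11, b"XXXX"),
    Segment(11, b"sswd\n"),
]
SIGNATURE = b"/etc/passwd"

if __name__ == "__main__":
    print("first:", reassemble(ATTACK, "first"))
    print("last: ", reassemble(ATTACK, "last"))
    print("IDS=first, host=last ->", classify(ATTACK, "first", "last", SIGNATURE))
    print("conflicting offsets:", inconsistent_overlaps(ATTACK))
```

With the IDS favouring original data and the target favouring new data, the IDS reassembles `GET /etc/paXXXX` while the host receives `GET /etc/passwd`: the signature never fires. Swapping the policies turns the same packets into an insertion attack. The `inconsistent_overlaps` check is the practitioner's answer when the endpoint's behaviour is unknown: treat disagreeing overlaps as an event in their own right.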
Example - 2
Null characters are interpreted differently by Perl, where they are ordinary bytes in a length-counted string, and by C, where they terminate a string; this has security consequences when Perl passes such a string to a C function. Similar problems have been reported in ASP [REF-429] and PHP.
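An added example of the null-byte conflict, not taken from CWE or from any of the cited reports. The length-counted side is written in Python rather than Perl (Python strings are also length-counted, so the check behaves the same way), and `ctypes.c_char_p` is used to read the buffer with C string semantics, i.e. up to the first NUL. The file names and the `.txt` extension rule are constructed for the example.

```python
import ctypes


def c_view(buf: bytes) -> bytes:
    """What a NUL-terminated C API such as open() or strlen() sees: the bytes up to
    the first \\0. ctypes.c_char_p applies exactly that rule when reading .value."""
    return ctypes.c_char_p(buf).value


def extension_check(name: bytes) -> bool:
    """Length-counted check, as Perl or Python perform it: every byte is examined,
    so the trailing '.txt' after an embedded NUL satisfies the rule."""
    return name.endswith(b".txt") and b"/" not in name


def resolve_path_unsafe(name: bytes) -> bytes:
    """Vulnerable pattern: validate with length-counted semantics, then hand the
    buffer to a C-semantics consumer. Returns the path the C layer would act on."""
    if not extension_check(name):
        raise ValueError("rejected by extension check")
    return c_view(name)


def resolve_path_hardened(name: bytes) -> bytes:
    """Fixed pattern: reject any byte the two layers would interpret differently
    before validation, so both sides see the same string."""
    if b"\x00" in name:
        raise ValueError("embedded NUL")
    if not extension_check(name):
        raise ValueError("rejected by extension check")
    return c_view(name)


if __name__ == "__main__":
    crafted = b"db.conf\x00.txt"          # constructed attacker input
    print("check passes:", extension_check(crafted))
    print("C layer opens:", resolve_path_unsafe(crafted))
    try:
        resolve_path_hardened(crafted)
    except ValueError as exc:
        print("hardened:", exc)
```

The unsafe path validates `db.conf\x00.txt` as a `.txt` file and then opens `db.conf`. Python's own `os.open` and `open` refuse paths with an embedded null byte (`ValueError`), which is the same fix applied at the boundary; the point of the example is that a validation layer written in a length-counted language must apply that rule itself whenever it forwards data to NUL-terminated code.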
Related Weaknesses
This table lists the weaknesses and high-level categories related to this weakness. The relationships give an overview of similar items that may exist at higher and lower levels of abstraction.
CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-115: Misinterpretation of Input
CWE-351: Insufficient Type Distinction
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities
CWE-437: Incomplete Model of Endpoint Features
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-626: Null Byte Interaction Error (Poison Null Byte)
CWE-650: Trusting HTTP Permission Methods on the Server Side
Visit http://cwe.mitre.org/ for more details.