1. Home
  2. CWE Database
  3. CWE-435
Pillar · Foundational

CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce i...

CWE-435 · Pillar Level ·2 CVEs

Description

An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.

When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.

Potential Impact

Integrity

Unexpected State, Varies by Context

Real-World CVE Examples

CVE IDDescription
CVE-2002-0485Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.
CVE-2003-0411chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read becau

Taxonomy Mappings

  • PLOVER: — Interaction Errors

Frequently Asked Questions

What is CWE-435?

CWE-435 (Improper Interaction Between Multiple Correctly-Behaving Entities) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Pillar-level weakness. An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce i...

How can CWE-435 be exploited?

Attackers can exploit CWE-435 (Improper Interaction Between Multiple Correctly-Behaving Entities) to unexpected state, varies by context. This weakness is typically introduced during the Architecture and Design, Implementation, Operation phase of software development.

How do I prevent CWE-435?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-435?

CWE-435 is classified as a Pillar-level weakness (Foundational abstraction). It has been observed in 2 real-world CVEs.