1. Home
  2. CWE Database
  3. CWE-436
Class · High

CWE-436: Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

CWE-436 · Class Level ·9 CVEs

Description

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.

Potential Impact

Integrity, Other

Unexpected State, Varies by Context

Real-World CVE Examples

CVE IDDescription
CVE-2005-1215Bypass filters or poison web cache using requests with multiple Content-Length headers, a non-standard behavior.
CVE-2002-0485Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.
CVE-2002-1978FTP clients sending a command with "PASV" in the argument can cause firewalls to misinterpret the server's error as a valid response, allowing filter bypass.
CVE-2002-1979FTP clients sending a command with "PASV" in the argument can cause firewalls to misinterpret the server's error as a valid response, allowing filter bypass.
CVE-2002-0637Virus product bypass with spaces between MIME header fields and the ":" separator, a non-standard message that is accepted by some clients.
CVE-2002-1777AV product detection bypass using inconsistency manipulation (file extension in MIME Content-Type vs. Content-Disposition field).
CVE-2005-3310CMS system allows uploads of files with GIF/JPG extensions, but if they contain HTML, Internet Explorer renders them as HTML instead of images.
CVE-2005-4260Interpretation conflict allows XSS via invalid "<" when a ">" is expected, which is treated as ">" by many web browsers.
CVE-2005-4080Interpretation conflict (non-standard behavior) enables XSS because browser ignores invalid characters in the middle of tags.

CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities

An interaction error occurs when two entities have correct behavior when running independently of each other, but when t...

Taxonomy Mappings

  • PLOVER: — Multiple Interpretation Error (MIE)
  • WASC: 27 — HTTP Response Smuggling

Frequently Asked Questions

What is CWE-436?

CWE-436 (Interpretation Conflict) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

How can CWE-436 be exploited?

Attackers can exploit CWE-436 (Interpretation Conflict) to unexpected state, varies by context. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-436?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-436?

CWE-436 is classified as a Class-level weakness (High abstraction). It has been observed in 9 real-world CVEs.