Improper Interaction Between Multiple Correctly-Behaving Entities

Description

This weakness occurs when individually secure components interact in unexpected ways within a larger system, creating new security flaws that weren't present in isolation.

Extended Description

Modern software often integrates multiple independent components, libraries, or services. While each component may function correctly and securely on its own, their combination can create unintended, emergent behaviors at the system level. These new behaviors are not a failure of any single component, but a result of unanticipated interactions between them. For developers, this means secure design must extend beyond individual modules to include their integration points. Failing to model how components exchange data, share resources, or handle errors together can introduce vulnerabilities that are invisible during unit testing. The security of the whole system depends on understanding these interactions as much as the security of its parts.

Common Consequences 1

Scope: Integrity

Impact: Unexpected StateVaries by Context

Demonstrative Examples 1

The paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences.

Observed Examples 2

CVE-2002-0485Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.

CVE-2003-0411chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype "text".

References 2

Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection

Thomas H. Ptacek and Timothy N. Newsham

01-1998

https://insecure.org/stf/secnet_ids/secnet_ids.pdf(2023-04-07)

ID: REF-428

Use of A Taxonomy of Security Faults

Taimur Aslam, Ivan Krsul, and Eugene H. Spafford

01-08-1995

https://csrc.nist.gov/csrc/media/publications/conference-paper/1996/10/22/proceedings-of-the-19th-nissc-1996/documents/paper057/paper.pdf(2023-04-07)

ID: REF-568

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Operation

Alternate Terms

Interaction Error

Emergent Fault

Taxonomy Mapping

PLOVER

Notes

Research Gap Weaknesses related to this Pillar appear to be under-studied, especially with respect to classification schemes. Input from academic and other communities could help identify and resolve gaps or organizational difficulties within CWE.

RelationshipThe "Interaction Error" term, in CWE and elsewhere, is only intended to describe products that behave according to specification. When one or more of the products do not comply with specifications, then it is more likely to be API Abuse (7PK - API Abuse) or an interpretation conflict (Interpretation Conflict). This distinction can be blurred in real world scenarios, especially when "de facto" standards do not comply with specifications, or when there are no standards but there is widespread adoption. As a result, it can be difficult to distinguish these weaknesses during mapping and classification.