| CWE-434 | The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. |
| CWE-435 | An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. |
| CWE-436 | Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. |
| CWE-437 | A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model. |
| CWE-439 | A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B. |
| CWE-44 | A software system that accepts path input in the form of internal dot ('file.ordir') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-440 | A feature, API, or function being used by a product behaves differently than the product expects. |
| CWE-441 | The software receives a request, message, or directive from an upstream component, but the software does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the software's control sphere. This causes the software to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. |
| CWE-443 | This weakness can be found at CWE-113. |
| CWE-444 | When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it. |