A product acts as an intermediary or monitor between two or
more endpoints, but it does not have a complete model of an endpoint's features,
behaviors, or state, potentially causing the product to perform incorrect
actions based on this incomplete model.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
All
Demonstrative Examples
Example 1
HTTP request smuggling is an attack against an intermediary such as
a proxy. This attack works because the proxy expects the client to parse
HTTP headers one way, but the client parses them differently.
Example 2
Anti-virus products that reside on mail servers can suffer from this
issue if they do not know how a mail client will handle a particular
attachment. The product might treat an attachment type as safe, not knowing
that the client's configuration treats it as executable.
Other Notes
This can be related to interaction errors, although in some cases, one of
the endpoints is not performing correctly according to specification.
Description
