Description

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Remediation

References

CVE-2020-1710

Related Vulnerabilities

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)

Oracle Database Server CVE-2006-5335 Vulnerability (CVE-2006-5335)

WordPress Plugin Facebook Button by BestWebSoft Cross-Site Request Forgery (2.13)

PostgreSQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2017-12172)

MySQL CVE-2016-0644 Vulnerability (CVE-2016-0644)

Severity

Medium

Classification

CVE-2020-1710 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities