Description
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC 7230 [1]: it returns a 200 response instead of a 400.
Remediation
References
Related Vulnerabilities
Drupal Incorrect Authorization Vulnerability (CVE-2022-25274)
WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)
Oracle Application Server CVE-2007-5520 Vulnerability (CVE-2007-5520)
JBoss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1167)
WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)