The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
2020-09-16T15:15:12.457
2024-11-21T05:11:13.130
Modified
CVSSv3.1: 5.3 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | jboss_data_grid | - | Yes |
| Application | redhat | jboss_data_grid | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | - | Yes |
| Application | redhat | jboss_enterprise_application_platform | 6.4.21 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.2.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.3.0 | Yes |
| Application | redhat | openshift_application_runtimes | - | Yes |
| Application | redhat | single_sign-on | - | Yes |