CVE-2020-1710 | Vulnerability Database | Aqua Security

NVD

CWE

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Name	Vendor	Start Version	End Version
Jboss_data_grid	Redhat	- (including)	- (including)
Jboss_data_grid	Redhat	7.0.0 (including)	7.0.0 (including)
Jboss_enterprise_application_platform	Redhat	- (including)	- (including)
Jboss_enterprise_application_platform	Redhat	6.4.21 (including)	6.4.21 (including)
Jboss_enterprise_application_platform	Redhat	7.0.0 (including)	7.0.0 (including)
Jboss_enterprise_application_platform	Redhat	7.2.0 (including)	7.2.0 (including)
Jboss_enterprise_application_platform	Redhat	7.3.0 (including)	7.3.0 (including)
Openshift_application_runtimes	Redhat	- (including)	- (including)
Single_sign-on	Redhat	- (including)	- (including)