CVE-2020-1710

Summary

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Affected Software

VendorProductVersion RangeStatus
n/aJBoss Enterprise Application PlatformEAP 6.4.21affected

Weaknesses

  • Improper Neutralization of CRLF Sequences in HTTP Headers

ADP Enrichment

CVE Program Container

Additional References

References