CVEDB API

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2020-1710

Redhat » Jboss Data Grid » Version: N/A

cpe:2.3:a:redhat:jboss_data_grid:-
Redhat » Jboss Data Grid » Version: 7.0.0

cpe:2.3:a:redhat:jboss_data_grid:7.0.0
Redhat » Jboss Enterprise Application Platform » Version: N/A

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-
Redhat » Jboss Enterprise Application Platform » Version: 6.4.21

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.21
Redhat » Jboss Enterprise Application Platform » Version: 7.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
Redhat » Jboss Enterprise Application Platform » Version: 7.2.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0
Redhat » Jboss Enterprise Application Platform » Version: 7.3.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0
Redhat » Openshift Application Runtimes » Version: N/A

cpe:2.3:a:redhat:openshift_application_runtimes:-
Redhat » Single Sign-On » Version: N/A

cpe:2.3:a:redhat:single_sign-on:-