Vulnerabilities > CVE-2020-1710 - Unspecified vulnerability in Redhat products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

NVD

Published: 2020-09-16

Updated: 2020-09-22

Summary

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Part	Description	Count
Application	Redhat Redhat Jboss Data Grid - Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform - Redhat Jboss Enterprise Application Platform 6.4.21 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Jboss Enterprise Application Platform 7.3.0 Redhat Openshift Application Runtimes - Redhat Single Sign ON -	9