Improper neutralization of CRLF sequences vulnerability in the HTTP Headers of JBOSS Enterprise Application Platform - CVE-2020-1710 | Deprecated |
ID: oval:org.secpod.oval:def:65793 | Date: (C)2020-10-05 (M)2021-06-07 |
Class: VULNERABILITY | Family: unix |
The host has JBOSS Enterprise Application Platform 6.4.21 or 7.x through 7.3.0 installed and is prone to an improper neutralization of CRLF sequences vulnerability. The flaw is that the application fails to handle the header field-name in accordance with RFC 7230. Successful exploitation could allow an attacker to cause improper neutralization of CRLF sequences in HTTP headers, resulting in an HTTP response code of 200 instead of a 400 (Bad Request).
Product: JBOSS Enterprise Application Platform |