2 matches found
EAP: field-name is not parsed in accordance to RFC7230
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...