Description
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC 7230 [1]: it returns a 200 instead of a 400.
Remediation
References