The specification specifies this
A WebApplicationException thrown during construction of field or property values using any of the 5 steps listed above is processed directly as described in Exceptions. Other exceptions thrown during construction of field or property values using any of the 5 steps listed above are treated as client errors: if the field or property is annotated with @MatrixParam, @QueryParam or @PathParam then an implementation MUST generate an instance of NotFoundException (404 status) that wraps the thrown exception and no entity; if the field or property is annotated with @HeaderParam or @CookieParam then an implementation MUST generate an instance of BadRequestException (400 status) that wraps the thrown exception and no entity. Exceptions MUST be processed as described in Exceptions.
This is confusing, even for developers with years of experience. Receiving a 404 when a 400 is expected shouldn't be a valid behaviour for a server.
Why is the specification written in such way ?
And why do they make a difference between url parameters and meta parameters ?
Since you're effectively asking about the developers logic in this decision, the best I can do is quote them:
From this cached copy of RESTful Java with JAX-RS 2.0 (Second Edition)
Full PDF of RESTful Java with JAX-RS 2.0 can also be found here.
"NotFoundException is used when you want to tell the client that the resource it is requesting does not exist. There are also some error conditions where the JAX-RS runtime will throw this exception automatically. If the JAX-RS runtime fails to inject into an @PathParam, @QueryParam, or @MatrixParam, it will throw this exception. Like in the conditions discussed for BadRequestException, this can happen if you are trying to convert to a type the parameter value isn’t meant for."
Later on in Chapter 7, there's some further description of the logic:
"if a client mistypes the request URI, for example, to customers, it will result in the server not finding a JAX-RS resource method that can service the request. In this case, a 404, “Not Found,” response code will be sent back to the client."
Effectively, they're saying that if the error involves any of the URI related fields, then it counts as a 404, because JAVA will not even be able to create the correct URI, and effectively not be able to find a page. Whereas, if it involves the @HeaderParam or @CookieParam then its just a poorly formed request, where the URI was found, but the Header or Cookie cannot be handled properly.