JDK / JDK-4281222

Authorization string exposed outside of authenticated realm


    Details

    • Subcomponent:
    • Resolved In Build:
      kestrel
    • CPU:
      generic
    • OS:
      solaris_2.6

      Description

      Following the successful authentication step, HttpURLConnection preemptively sends a cached Authorization string. This attempt causes a security vulnerability since HttpURLConnection inserts this string into the HTTP header for all subsequent fetches to the host:port. This exposes the Authorization string to all paths, even those that are not under the Realm the client authenticated to.
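
      The difference between a credential cache matched on host:port alone and one that also checks the path, as an added example that is not code from the JDK or from this report. The class and method names, the example.test URLs and the credential are hypothetical, and the "directory of the authenticated URL" rule is an assumption following the Basic protection-space guidance in RFC 2617.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

// Added illustration, not JDK source. All names are hypothetical. Needs Java 16+ (records).
public class ScopedAuthCache {
    // One cached credential, stored with the directory it was accepted for.
    record Entry(String host, int port, String dir, String header) {}
    private final List<Entry> entries = new ArrayList<>();

    // Directory part of a path: "/private/index.html" -> "/private/".
    static String dirOf(String path) {
        int i = (path == null) ? -1 : path.lastIndexOf('/');
        return i < 0 ? "/" : path.substring(0, i + 1);
    }

    static boolean sameServer(Entry e, URI u) {
        return e.host().equalsIgnoreCase(u.getHost()) && e.port() == u.getPort();
    }

    void remember(URI authenticated, String header) {
        entries.add(new Entry(authenticated.getHost(), authenticated.getPort(),
                dirOf(authenticated.getPath()), header));
    }

    // Behaviour described in the report: any URL on the same host:port matches.
    String lookupByHostPort(URI u) {
        for (Entry e : entries)
            if (sameServer(e, u)) return e.header();
        return null;
    }

    // Scoped lookup: the request path must also sit at or below the cached directory.
    // normalize() collapses literal ".." segments, so /private/../public does not match.
    String lookupScoped(URI u) {
        String path = u.normalize().getPath();
        for (Entry e : entries)
            if (sameServer(e, u) && path != null && path.startsWith(e.dir())) return e.header();
        return null;
    }

    public static void main(String[] args) {
        ScopedAuthCache c = new ScopedAuthCache();
        // Constructed sample values; "dXNlcjpwYXNz" is base64 of "user:pass".
        c.remember(URI.create("http://example.test:8080/private/index.html"), "Basic dXNlcjpwYXNz");
        URI in = URI.create("http://example.test:8080/private/docs/a.html");
        URI out = URI.create("http://example.test:8080/public/b.html");
        System.out.println("host:port inside=" + c.lookupByHostPort(in) + " outside=" + c.lookupByHostPort(out));
        System.out.println("scoped    inside=" + c.lookupScoped(in) + " outside=" + c.lookupScoped(out));
    }
}
```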


              People

              Assignee:
              gellisonsunw Gary Ellison (Inactive)
              Reporter:
              gellisonsunw Gary Ellison (Inactive)
