SpnegoProvider#getAuthScheme calls String#substring without checking its length first. Can be repaired by adding the additional checks header.length() > "Negotiate".length() and header.length() > "Basic".length() to the existing if-statements.
header.length() > "Negotiate".length()
header.length() > "Basic".length()
Log in to post a comment.