P4
sun.net.www.HeaderParser misinterprets a header such as the following:
WWW-Authenticate: Digest realm="testrealm",
nonce="Ovqrpw==b20ff3b0ea3f3a18f1d6293331edaafdb98f5bef", algorithm=MD5,
domain="http://bakedbean.ireland/authtest/", qop="auth"
The nonce value is not parsed correctly because the = character in the
value string is misinterpreted as the end of a key.
Another problem with the parser is that keys are supposed to be
case-insensitive, but are currently treated as case-sensitive.
WWW-Authenticate: Digest realm="testrealm",
nonce="Ovqrpw==b20ff3b0ea3f3a18f1d6293331edaafdb98f5bef", algorithm=MD5,
domain="http://bakedbean.ireland/authtest/", qop="auth"
The nonce value is not parsed correctly because the = character in the
value string is misinterpreted as the end of a key.
Another problem with the parser is that keys are supposed to be
case-insensitive, but are currently treated as case-sensitive.