---

CVE-2017-3509 - log back

CVE-2017-3509 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Privilege escalation
Description	+ It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/bea5b22daf5d
Notes