diff --git a/jdk/src/java.base/share/classes/java/net/URLStreamHandler.java b/jdk/src/java.base/share/classes/java/net/URLStreamHandler.java
index 30c9791cd95..8ce586bdcaa 100644
--- a/jdk/src/java.base/share/classes/java/net/URLStreamHandler.java
+++ b/jdk/src/java.base/share/classes/java/net/URLStreamHandler.java
@@ -161,9 +161,9 @@ public abstract class URLStreamHandler {
             (spec.charAt(start + 1) == '/')) {
             start += 2;
             i = spec.indexOf('/', start);
-            if (i < 0) {
+            if (i < 0 || i > limit) {
                 i = spec.indexOf('?', start);
-                if (i < 0)
+                if (i < 0 || i > limit)
                     i = limit;
             }
 
@@ -171,8 +171,14 @@ public abstract class URLStreamHandler {
 
             int ind = authority.indexOf('@');
             if (ind != -1) {
-                userInfo = authority.substring(0, ind);
-                host = authority.substring(ind+1);
+                if (ind != authority.lastIndexOf('@')) {
+                    // more than one '@' in authority. This is not server based
+                    userInfo = null;
+                    host = null;
+                } else {
+                    userInfo = authority.substring(0, ind);
+                    host = authority.substring(ind+1);
+                }
             } else {
                 userInfo = null;
             }