Vulnerabilities for 'KTOR'
2022-04-11
CVE-2022-29035
CWE-330
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations.
2021-11-09
CVE-2021-43203
CWE-287
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly.
2021-02-03
CVE-2021-25763
CWE-327
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.
CVE-2021-25762
CWE-444
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.
CVE-2021-25761
CWE-327
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.
2020-01-27
CVE-2020-5207
CWE-444
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.
2019-12-26
CVE-2019-19389
CWE-79
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.
2019-12-10
CVE-2019-19703
CWE-601
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
2019-10-02
CVE-2019-12737
CWE-916
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.
CVE-2019-12736
CWE-20
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
Copyright 2024, cxsecurity.com