Vulnerabilities for 'KTOR'

2021-02-03
 
CVE-2021-25763

CWE-327
 

 
In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

 
 
CVE-2021-25762

CWE-444
 

 
In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible.

 
 
CVE-2021-25761

CWE-327
 

 
In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible.

 
2020-01-27
 
CVE-2020-5207

CWE-444
 

 
In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \n as a headers separator.

 
2019-12-26
 
CVE-2019-19389

CWE-79
 

 
JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting.

 
2019-12-10
 
CVE-2019-19703

CWE-601
 

 
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.

 
2019-10-02
 
CVE-2019-12737

CWE-916
 

 
UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials.

 
 
CVE-2019-12736

CWE-20
 

 
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

 



Copyright 2021, cxsecurity.com

 
