Skip to main content

Ktor CVE-2021-25763

MEDIUM
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2021-02-03 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 03, 2021 - 16:15 nvd
MEDIUM 5.3

DescriptionNVD

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default.

AnalysisAI

In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-327. In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by default. Affected products include: Jetbrains Ktor. Version information: before 1.4.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ktor

View all
CVE-2019-19703 MEDIUM POC
6.1 Dec 10

In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. Rated medium s

CVE-2023-45612 CRITICAL
9.8 Oct 09

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Rated

CVE-2019-12736 CRITICAL
9.8 Oct 02

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, lead

CVE-2019-19389 MEDIUM POC
5.4 Dec 26

JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. Rated medium severity (CVSS 5.4

CVE-2023-45613 CRITICAL
9.1 Oct 09

In JetBrains Ktor before 2.3.5 server certificates were not verified. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2019-10102 HIGH
8.1 Jul 03

JetBrains Ktor framework (created using the Kotlin IDE template) versions before 1.1.0 were resolving artifacts using an

CVE-2021-43203 HIGH
7.5 Nov 09

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. R

CVE-2020-5207 HIGH
7.5 Jan 27

In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and T

CVE-2022-38180 MEDIUM
6.5 Aug 12

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. Rated medium severity

CVE-2020-26129 MEDIUM
6.5 Nov 16

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. Rated medium severity (CVSS 6.5), this vulnerabilit

CVE-2022-38179 MEDIUM
6.1 Aug 12

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. Rated medium severity (CVSS 6.1), this v

CVE-2025-29904 MEDIUM
5.3 Mar 12

In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible. Rated medium severity (CVSS 5.3), this vulnerabil

Share

CVE-2021-25763 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy