Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Keyfactor SignServer 安全漏洞
Vulnerability Description
Keyfactor SignServer是美国Keyfactor公司的一个数字签名引擎。 Keyfactor SignServer 7.3.1之前版本存在安全漏洞,该漏洞源于访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A