Missing Anti-CSRF Tokens in Kaspersky Anti-Virus for Linux File Server

Missing Anti-CSRF Tokens in Kaspersky Anti-Virus for Linux File Server

CVE-2017-9810 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.