There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an malicious user to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kaspersky anti-virus for linux server |
Also, update your Kaspersky Anti-Virus File Server – before you get hacked
Several employees of Russian security vendor Kaspersky Lab got an unpleasant surprise on Tuesday night when FBI agents popped round to their residences for a chat. Staff in the US were visited and agents reportedly told them that they weren't under criminal investigation, but that the Feds would just like some information about how the company operates and shares information with its home office in Russia. "As a private company, Kaspersky Lab has no ties to any government, and the company has ne...