CVE-2018-7739

CRITICAL

antsle antman <0.9.1a - Auth Bypass

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-7739. PoCs published by Joshua Bowser.

AI-analyzed exploit summary: This exploit demonstrates an authentication bypass in antMan <= 0.9.0c by manipulating POST parameters to force the authentication script to produce unintended return values, granting root access.

Description

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.

Exploits (2)

exploitdb WORKING POC
by Joshua Bowser · text · webapps · java
https://www.exploit-db.com/exploits/44262

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: antMan <= 0.9.0c
No auth needed
Prerequisites: Network access to the antMan web management console
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Joshua Bowser · text · webapps · multiple
https://www.exploit-db.com/exploits/44220

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: antMan <= 0.9.0c
No auth needed
Prerequisites: Access to the antMan login page · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44262/
Exploit, Third Party Advisory x_refsource_misc
http://blog.codecatoctin.com/2018/02/antman-authentication-bypass.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44220/

Scores

CVSS v3 9.8
EPSS 0.5456
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-20
Status published
Products (1)
antsle/antman < 0.9.0c
Published Mar 07, 2018
Tracked Since Feb 18, 2026