Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:ANT-MAN-AUTH-BY |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
antMan 0.9.1a CVE-2018-7739 Authentication Bypass |
Release Date |
2020/01/09 |
Update Number |
3242 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: antMan 0.9.1a CVE-2018-7739 Authentication Bypass
This signature detects attempts to exploit a known vulnerability against antMan 0.9.1a. A successful attack can lead to authentication bypass.
Extended Description
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.
Affected Products
- Antsle antman 0.9.0c
References
- CVE: CVE-2018-7739