Strix
26.1K

CVE-2007-0159

UnknownEPSS 2.02%

Last modified

CVE-2007-0159 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.. EPSS estimates a 2.02% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.

Metrics

EPSS Probability
2.02%

78.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
GeoipGeoip1.4.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-0159?
Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.
How severe is CVE-2007-0159?
Severity scoring for CVE-2007-0159 is pending analysis. The EPSS model estimates a 2.02% probability of exploitation in the next 30 days.
How do I fix CVE-2007-0159?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-0159?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST