CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 0.024 Low
Percentile: 90.0%

Directory traversal vulnerability in the GeoIP_update_database_general
function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious
update servers (possibly only update.maxmind.com) to overwrite arbitrary
files via a .. (dot dot) in the database filename, which is returned by a
request to app/update_getfilename.
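
The class of check that closes this kind of hole, as an added example that is not GeoIP's own code or its actual patch: treat the filename returned by the update server as untrusted and accept it only if it is a plain file name before joining it to the database directory. The helper names, the 255-byte limit and the directory in main() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: accept only a plain file name, never a path. */
static int is_safe_db_filename(const char *name)
{
    size_t i, len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 255)          /* assumed upper bound on a file name */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* No separators (so no "../" components) and no control bytes. */
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

/* Join dir and the server-supplied name; 0 on success, -1 if rejected or truncated. */
static int build_db_path(const char *dir, const char *name, char *out, size_t outlen)
{
    int n;

    if (!is_safe_db_filename(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)   /* a truncated path must not be written to */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample server responses, not captured traffic. */
    const char *samples[] = { "GeoIP.dat", "../outside.dat", "..", "sub/GeoIP.dat" };
    const char *dir = "/usr/local/share/GeoIP";   /* assumed database directory */
    char path[512];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               build_db_path(dir, samples[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```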