CVE-2007-4668
Firebird < 2.0.1 - Unauthenticated Arbitrary File Existence Disclosure
Title source: llmDescription
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
References (8)
Core 8
Core References
Various Sources x_refsource_misc
http://tracker.firebirdsql.org/browse/CORE-1312
Various Sources x_refsource_confirm
http://www.firebirdsql.org/index.php?op=files&id=engine_202
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25497
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3021
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29501
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=535898
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2008/dsa-1529
Various Sources x_refsource_confirm
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf
Scores
EPSS
0.0155
EPSS Percentile
72.3%
Details
CWE
CWE-119
CWE-264
Status
published
Products (1)
firebirdsql/firebird
< 2.0.1
Published
Sep 04, 2007
Tracked Since
Feb 18, 2026