CVE-2007-4669

Published: Sep 4, 2007Modified: Apr 23, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.

Affected (1)

Products: Firebirdsql: Firebird

Firebirdsql

1 product

Firebird

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firebirdsql Firebird	Up to 2.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-264

References (14)

http://secunia.com/advisories/29501

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=535898

Source: cve@mitre.org

http://tracker.firebirdsql.org/browse/CORE-1148

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1529

Source: cve@mitre.org

http://www.firebirdsql.org/index.php?op=files&id=engine_202

Source: cve@mitre.org

http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

Source: cve@mitre.org

http://www.securityfocus.com/bid/25497

Source: cve@mitre.org

Patch

http://secunia.com/advisories/29501