Subject Re: [firebird-support] Vulnerability
Author Mark Rotteveel
On 26-9-2016 22:56, Carlos Mazariegos carlosemazariegosa@...
[firebird-support] wrote:
> I understand firebird is not equal interbase,
> but the problem is that the Firewall Palo Alto,
> Palo Alto detected the vulnerability with my application, which is built
> with:

It didn't detect the vulnerability, it likely just detected that you
used the Firebird protocol and matched that with one of the known and
fixed vulnerabilities. You really need to be more specific, did it say
which vulnerability it detected (which CVE)?

> * Java EE 7
> * Glassfish 4.1
> * Firebird Superserver 2.5.5.
> researching on the internet I found that firebird has had buffer
> overflow vulnerability. My question is:
> Firebird presents the vulnerability of "buffer overflow"?

The term "buffer overflow" is very generic, and Firebird has had a few
in previous versions. As far as I am aware, there are no known
vulnerabilities in 2.5.5.

You might want to contact the vendor of Firewall Palo Alto to specify
which vulnerability they detected.

Mark Rotteveel