Vulnerabilities > CVE-2005-4700 - Unspecified vulnerability in Tellme 1.2

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

tellme

NVD

Published: 2005-12-31

Updated: 2024-11-21

Summary

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.

Vulnerable Configurations

Part	Description	Count
Application	Tellme Tellme Tellme 1.2	1

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt
http://secunia.com/advisories/17078
http://secunia.com/advisories/17078
http://www.osvdb.org/19872
http://www.osvdb.org/19872
https://exchange.xforce.ibmcloud.com/vulnerabilities/22523
https://exchange.xforce.ibmcloud.com/vulnerabilities/22523