Vulnerability Description
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tellme | Tellme | 1.2 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html (Exploit, Patch)
- http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt (Exploit, Patch)
- http://secunia.com/advisories/17078 (Patch, Vendor Advisory)
- http://www.osvdb.org/19872 (Exploit, Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22523
FAQ
What is CVE-2005-4700?
CVE-2005-4700 is a vulnerability with a CVSS score of 5.0 (MEDIUM). TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the ful...
How severe is CVE-2005-4700?
CVE-2005-4700 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-4700?
Check the references section above for vendor advisories and patch information. Affected products include: Tellme Tellme.