CVE-2005-4700 Information

Description

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt
http://secunia.com/advisories/17078
http://www.osvdb.org/19872
https://exchange.xforce.ibmcloud.com/vulnerabilities/22523
