CVE-2001-0986

Published: Sep 14, 2001Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Affected (1)

Products: Microsoft: Index Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Index Server	Version 2.0

References (6)

http://www.securityfocus.com/archive/1/214217

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/3339

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/214217

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/3339

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.