CVE-2001-0986

Currently unrated

Key Information:

Vendor: Microsoft
Status: Index Server
Vendor: CVE Published:; 14 September 2001

Summary

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

References

http://www.securityfocus.com/bid/3339

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/214217

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

vdb-entryx_refsource_XF

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Sep 14, 2001

Collectors

NVD DatabaseMitre Database