Information Disclosure Vulnerability in Microsoft Index Server 2.0
CVE-2001-0986

Currently unrated

Key Information:

Vendor: Microsoft
Status: Index Server
Vendor: CVE Published:; 14 September 2001

What is CVE-2001-0986?

The SQLQHit.asp sample file in Microsoft Index Server 2.0 is susceptible to an information disclosure vulnerability. This flaw allows unauthorized remote attackers to exploit the application by invoking sqlqhit.asp with specific CiScope parameter values. By doing so, attackers can gain access to sensitive data, including the physical file paths, file attributes, and sections of the source code, which can lead to further exploitation of the server's configuration and data.

References

http://www.securityfocus.com/bid/3339

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/214217

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

vdb-entryx_refsource_XF

EPSS Score

74% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Sep 14, 2001