CVE-2001-0986

Microsoft Index Server 2.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0986. PoCs published by Syed Mohamed.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Microsoft IIS Index Server via the sqlqhit.asp file. The vulnerability allows attackers to retrieve path information, file attributes, and partial file contents by manipulating query parameters.

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Syed Mohamed · textremotewindows
https://www.exploit-db.com/exploits/21113

This is a writeup describing an information disclosure vulnerability in Microsoft IIS Index Server via the sqlqhit.asp file. The vulnerability allows attackers to retrieve path information, file attributes, and partial file contents by manipulating query parameters.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS Index Server (versions affected by CVE-2001-0986)
No auth needed
Prerequisites: IIS with Index Server installed · sqlqhit.asp file present in default location
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3339
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/214217
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

Scores

EPSS 0.4816
EPSS Percentile 98.7%

Details

Status published
Products (1)
microsoft/index_server 2.0
Published Sep 14, 2001
Tracked Since Feb 18, 2026