CVE-2001-0986

Microsoft Index Server 2.0 - Info Disclosure

Title source: llm

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Syed Mohamed · textremotewindows

https://www.exploit-db.com/exploits/21113

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] http://www.securityfocus.com/archive/1/214217

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/3339

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

Scores

EPSS 0.7406

EPSS Percentile 98.8%

Details

Status published

Products (1)

microsoft/index_server 2.0

Published Sep 14, 2001

Tracked Since Feb 18, 2026