Vulnerabilities > CVE-2001-0986 - File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
microsoft
exploit available

Summary

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

descriptionMicrosoft Index Server 2.0 File Information and Path Disclosure Vulnerability. CVE-2001-0986 . Remote exploit for windows platform
idEDB-ID:21113
last seen2016-02-02
modified2001-09-14
published2001-09-14
reporterSyed Mohamed
sourcehttps://www.exploit-db.com/download/21113/
titleMicrosoft Index Server 2.0 File Information and Path Disclosure Vulnerability