CVE-2001-0986

CVE Database · CVE-2001-0986

CVE-2001-0986

· N/AModified

CVSS v3.1

N/A

EPSS

48.16%

Published

Sep 14, 2001

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBMicrosoft Index Server 2.0 - File Information / Full Path Disclosure

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Affected Products (1)

microsoft · index_servervulnerable

References (6)

http://www.securityfocus.com/archive/1/214217

PatchVendor Advisory

http://www.securityfocus.com/bid/3339

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

http://www.securityfocus.com/archive/1/214217

PatchVendor Advisory

http://www.securityfocus.com/bid/3339

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7125

KEV Catalog EPSS Scores Vendors All CVEs