CVE-2001-0986
First published: Fri Sep 14 2001(Updated: )
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Index Server | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0986?
CVE-2001-0986 is considered a high severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2001-0986?
To fix CVE-2001-0986, it is recommended to restrict access to the sqlqhit.asp file and update to a secure version of Microsoft Index Server.
What types of information can be exposed by CVE-2001-0986?
CVE-2001-0986 can expose sensitive information such as physical file paths, file attributes, and portions of source code.
Who is affected by CVE-2001-0986?
CVE-2001-0986 affects users of Microsoft Index Server version 2.0 when improperly configured.
What can attackers do with the information obtained from CVE-2001-0986?
Attackers can leverage the sensitive information obtained from CVE-2001-0986 to exploit further vulnerabilities or gain unauthorized access to systems.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft index server
- version/microsoft index server/2.0