Sensitive Information Disclosure in Microsoft Index Server 2.0 via SQLQHit.asp

Sensitive Information Disclosure in Microsoft Index Server 2.0 via SQLQHit.asp

CVE-2001-0986 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Learn more about our Cis Benchmark Audit For Cisco.